Digital Watermarking - Common watermarking techniques, Important Parameters, Applied mechanisms, Applications, Invertible watermarking, Content-fragile watermarking

Martin Steinebach, Fraunhofer IPSI, Darmstadt, Germany
Jana Dittmann, Otto-von-Guericke University Magdeburg, Germany
Erich Neuhold, TU Vienna, Austria

Definition: Digital watermarking techniques are based on information hiding techniques similar to steganographic approaches, with the overall goal of embedding information into a cover signal, usually multimedia data.

The term digital watermarking was used for the first time by Tirkel et al in, actually written in two words: “water mark”. Instead of a confidential or hidden communication, watermarking addresses the security aspects of data and user authentication or data integrity protection, where a digital watermark is a perceptually transparent pattern inserted in digital data using an embedding algorithm and an embedding key. A detection algorithm using the appropriate detection key can retrieve the watermark information. In most approaches the embedding and detection keys are secret, see more details in.

Common watermarking techniques

Watermarking files or streams often requires access to different storage and transmission formats. There are raw data formats based on PCM or bitmaps and lossless or lossy compression formats like MPEG. For some applications, it is sufficient to embed the watermark into format-specific information without direct access to the actual cover signal. The watermark can be embedded either in the format representation, like header or stream information, or in the format-specific representation of the media, for example mp3 scale factors or the facial animation parameters of MPEG-4. On the one hand this is very efficient, as no transformations are necessary, and it often ensures a high transparency. On the other hand these approaches are not robust against format changes or decoding/re-encoding processes and are easy to attack.

Watermarking methods based on modifying the least significant bit(s) of a cover signal can be applied to every media type robust to bit modifications. Usually the LSB of a media (e.g. sample or pixel) can be changed without degrading the perceived quality. Additional gate functions can be applied to ensure a high transparency by allowing the usage of least significant bits only in those parts of the cover signal where the overall energy is high. This operation can be repeated for each sample or pixel, enabling a very high capacity. As an example one could in theory embed more than 88.000 bits in one second of CD PCM audio. The major drawback of this approach is its usually very low robustness, as the least significant bits are often modified by all types of media operations.
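The LSB method with a gate function, as an added example that is not part of the original article. The cover tone, payload and gate threshold are constructed; evaluating the gate on the sample with its LSB cleared is an assumption of this sketch, made so that embedder and extractor select the same positions.

```python
import math

# CD PCM audio: 44,100 samples/s x 2 channels x 1 LSB = 88,200 bits per second.
THRESHOLD = 1024  # constructed gate level: only loud samples carry payload


def gated(sample):
    # Decide on the sample with its LSB cleared, so the embedder and the
    # extractor always agree on which positions carry payload.
    return abs(sample & ~1) >= THRESHOLD


def to_bits(data):
    return [(byte >> i) & 1 for byte in data for i in range(7, -1, -1)]


def from_bits(bits):
    usable = len(bits) - len(bits) % 8
    return bytes(
        int("".join(map(str, bits[i:i + 8])), 2) for i in range(0, usable, 8)
    )


def embed_lsb(cover, payload):
    bits, k, marked = to_bits(payload), 0, list(cover)
    for i, s in enumerate(cover):
        if k < len(bits) and gated(s):
            marked[i] = (s & ~1) | bits[k]  # changes the sample by at most 1
            k += 1
    if k < len(bits):
        raise ValueError("too few gated samples for this payload")
    return marked


def extract_lsb(signal, n_bytes):
    return from_bits([s & 1 for s in signal if gated(s)][:n_bytes * 8])


def requantize_8bit(signal):
    # Routine media operation: reduce 16-bit samples to 8-bit resolution.
    return [(s >> 8) << 8 for s in signal]


def make_cover(n=4000, rate=44100):
    # Constructed 16-bit mono tone with a quiet fade-in at the start.
    return [
        int(12000 * min(1.0, i / 1000) * math.sin(2 * math.pi * 440 * i / rate))
        for i in range(n)
    ]


PAYLOAD = b"ID:4711"  # constructed sample payload
```

Extraction from the untouched marked signal returns the payload, while a single requantization step leaves only zero bits, which is the low robustness the paragraph describes.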

The spread spectrum technique is one of the most often used watermark embedding methods for both audio and visual data. It combines high robustness and good transparency at the cost of complexity due to transformation operations. Here a narrow band watermarking signal is transmitted over the cover which features a much larger bandwidth. The amount of energy spread in each frequency component of the spectrum is minimal. The frequency bands are often varied during the embedding process to increase embedding security. The watermarking signal is undetectable, unless one knows the exact location where the information was embedded. The cover can be first submitted to a perceptual analysis process to guarantee invisibility of the watermark. The result of this perceptual analysis is a mask that regulates the strength of the watermark to be embedded.
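A key-dependent spread spectrum embedder and blind correlation detector, added here as an illustration and not taken from the original article. It assumes the cover is already available as a list of transform coefficients (constructed Gaussian values stand in for them), uses a fixed strength in place of a perceptual mask, and derives the spreading sequence from HMAC-SHA256; all names and constants are hypothetical.

```python
import hashlib
import hmac
import random

CHIPS_PER_BIT = 2048   # spreading factor (constructed value)
ALPHA = 2.0            # embedding strength; a perceptual mask would scale this


def chips(key, n):
    # Key-dependent +/-1 spreading sequence from HMAC-SHA256 in counter mode.
    out, counter = [], 0
    while len(out) < n:
        block = hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(1 if (byte >> i) & 1 else -1 for byte in block for i in range(8))
        counter += 1
    return out[:n]


def embed(coeffs, bits, key, alpha=ALPHA):
    pn = chips(key, len(bits) * CHIPS_PER_BIT)
    marked = list(coeffs)
    for j, bit in enumerate(bits):
        sign = 1 if bit else -1
        for i in range(j * CHIPS_PER_BIT, (j + 1) * CHIPS_PER_BIT):
            marked[i] += alpha * sign * pn[i]   # small change per coefficient
    return marked


def detect(coeffs, n_bits, key):
    # Blind detection: correlate each segment with the keyed sequence.
    pn = chips(key, n_bits * CHIPS_PER_BIT)
    bits = []
    for j in range(n_bits):
        seg = range(j * CHIPS_PER_BIT, (j + 1) * CHIPS_PER_BIT)
        bits.append(1 if sum(coeffs[i] * pn[i] for i in seg) > 0 else 0)
    return bits


def add_noise(coeffs, sigma, seed):
    # Stand-in for a non-targeted media operation.
    rng = random.Random(seed)
    return [c + rng.gauss(0, sigma) for c in coeffs]


MESSAGE = [int(b) for b in format(0xC0FFEE42, "032b")]   # constructed 32-bit mark
KEY = b"constructed-embedding-key"


def make_cover(n=len(MESSAGE) * CHIPS_PER_BIT, seed=1):
    # Constructed stand-in for the transform coefficients of a cover signal.
    rng = random.Random(seed)
    return [rng.gauss(0, 10) for _ in range(n)]
```

The mark survives added noise as strong as the cover itself because each bit is spread over 2048 coefficients, and a detector holding a different key sees only uncorrelated values.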

Important Parameters

The most important properties of digital watermarking techniques are transparency, robustness, security, capacity, invertibility (reversibility), complexity and the possibility of verification. Based on these parameters, one can evaluate whether a specific algorithm has adequate properties for a certain application area.

From we define the parameter as follows

  • Transparency relates to the properties of the human sensory system. A transparent watermark causes no artifacts or quality loss.
  • Robustness describes whether the watermark can be reliably detected after media operations. It is important to note that robustness does not include attacks on the embedding scheme that are based on the knowledge of the embedding algorithm or on the availability of the detector function. Robustness means resistance to “blind”, non-targeted modifications, or common media operations. For example the Stirmark or 2Mosaik tools attack the robustness of watermarking algorithms with geometrical distortions. For manipulation recognition the watermark has to be fragile to detect altered media.
  • Security describes whether the embedded watermarking information cannot be removed beyond reliable detection by targeted attacks based on a full knowledge of the embedding algorithm and the detector, except the key, and the knowledge of at least one watermarked data. The concept of security includes procedural attacks, such as the IBM attack, or attacks based on a partial knowledge of the carrier modifications due to message embedding or embedding of templates. The security aspect also includes the false positive detection rates.
  • Capacity describes how many information bits can be embedded. It addresses also the possibility of embedding multiple watermarks in one document in parallel.
  • Invertibility describes the possibility to produce the original data during the watermark retrieval.
  • Complexity describes the effort and time we need to embed and retrieve a watermark. This parameter is essential if we have real-time applications. Another aspect addresses whether the original data is needed in the retrieval process or not. We need to distinguish between non-blind and blind watermarking schemes.
  • The verification procedure describes if we have a private verification like private key functions or a public verification possibility like the public key algorithms in cryptography.

The optimization of the parameters is mutually competitive and cannot be clearly done at the same time. If we want to embed a large message, we cannot require large robustness simultaneously. A reasonable compromise is always a necessity. On the other hand, if robustness to strong distortion is an issue, the message that can be reliably hidden must not be too long.

There are algorithms which need the original cover signal to retrieve the watermark from the marked cover and also those which can retrieve the watermark without the original cover. The latter are called blind or oblivious watermarking algorithms, the former are called non-blind or non-oblivious. Whether the need for the original is acceptable usually depends on the application. In forensic cases the original may be available for comparison. In contrast, copy-control environments will not allow access to the original due to the vast overhead and delay caused by such demands. In general blind watermarking algorithms are preferred but more challenging to design and implement. In some applications non-blind algorithms are used due to their potentially greater robustness.

Almost all watermarking algorithms use the same secret key for embedding and retrieval. In analogy to cryptography this is called symmetric watermarking. In some algorithms or applications the key is known to the public, which is called public watermarking. The need for the embedding key in the retrieval process induces a serious security challenge in watermarking: Everyone who can retrieve a watermark can also embed a new watermark with the same key as the originator of the first watermark. There are also approaches for asymmetric watermarking, where different keys are used for embedding and retrieval, but a security level comparable with asymmetric watermarking has not been achieved yet and further research is required.

Furthermore, during verification we distinguish between invertible (reversible) and non-invertible (non-reversible) techniques, where the first one allows the reproduction of the original and the last one provides no possibility to extract the watermark without alterations of the original. Usually robust watermarks should be non-invertible, while fragile watermarking has the most interest in invertible schemes to detect bit changes and to allow reproduction of the original.

Applied mechanisms

Digital watermarking algorithms use a number of assisting technologies for embedding information into media files. Common examples are perceptual models, signal transformations and error correction codes. Perceptual models are used for ensuring the resulting quality of the marked cover by identifying areas in the cover where information can be hidden without degrading the perceived quality of the cover. Usage of a perceptual model enables a high embedding for most covers, but may make it impossible to embed watermarks in certain material with problematic characteristics.

Signal transformations like the Fourier transformation or the wavelet transformation are applied if the cover signal is not provided in a domain suitable for watermark embedding. Many algorithms embed information into the spectrum of the cover, while many media covers are stored in the time or pixel domain. Therefore a transformation is needed to calculate the spectrum of the cover. This spectrum is then modified by the watermarking algorithm and re-transformed to the original domain. Signal transformations often cause the highest computational cost of watermarking algorithms.

Error correction codes are applied to improve the reliability of watermark retrieval. Especially after attacks, individual watermarking bits may flip or may not be interpreted correctly. Without error correction, this would lead to a false retrieval result. Using an error correction mechanism therefore improves the robustness of a watermarking algorithm, while at the same time capacity is reduced, as the error correction codes usually increase the length of the watermarking information by a factor of two or more.

Furthermore, to achieve the required security in most application scenarios, cryptographic techniques become important and are combined with digital watermarking into so-called hybrid systems. For example, the watermark information is encrypted before embedding, hashed or signed with a digital signature.

Transparency is based on the properties of the human visual system or the human auditory system. A transparent watermark causes no artifacts or quality loss. For image watermarking, visual models in most cases determine the watermark strength, which is calculated adaptively for every mark position individually. Additionally, for video, we use the same mark position for each marked frame. The visual quality loss can be evaluated with subjective tests or objective methods, for example by measuring the signal-to-noise ratio (SNR) in dB.


Applications

Digital watermarking is a flexible technology used in a broad range of applications. The first watermarking approaches were directed at owner authentication or copyright protection, where an owner or producer identification is embedded to prove ownership or source of the cover. Important challenges in this application are a high transparency demand, as sold or distributed material of low quality will not be accepted, and at the same time a high robustness, so that the watermark stays in the marked content as long as the quality of the cover is high enough to be of any value.

A more recent approach to copyright protection is to use digital watermarking to identify single copies of an original media file by e.g. embedding a transaction code, a customer ID or a simple continuous number into each copy. Whenever a copy is found, the watermark can be retrieved and the source can be identified by the embedded individual information. With digital watermarking, restrictive protection solutions are not necessary to secure digital media. The customer is free to use and consume the media data he bought in any way and on any device he likes. But if he passes the content into illegal environments and copies are found, he can be identified. Therefore this application is called customer identification or customer tracing watermarking. Requirements are similar to copyright watermarking, but in addition a high security to prevent false accusations and often a high capacity due to long transaction codes are required.

The embedding of additional information into a cover or a set of covers is called annotation watermarking. An annotation watermark only needs to be robust against a specified set of transformations which are known to occur in the application scenario. Security usually is not important as it usually makes no sense to forge or change an embedded watermark as long as these are only used for information transmission. One of the most important issues is transparency: An additional service should not reduce the quality of the media or it will not be accepted. Blind methods are necessary as the end user will not have both versions of the media to compare. The capacity should be as high as possible and is very important. The more information can be embedded, the more additional services can be provided.

Watermarking can also be used to identify specific content in a broadcast monitoring system. The watermark is embedded to identify a cover in a broadcast channel to monitor its usage, for example for the automatic generation of song tracking lists. The requirements are similar to copyright protection watermarking with respect to transparency and robustness. But in addition, a low complexity at watermarking detection is necessary to enable real-time monitoring on multiple channels.

Integrity protection is an application domain where the watermark makes it possible to verify the integrity of the cover, to recognize manipulations and sometimes even to recover the original information after manipulations without the need to access the original cover. This can be achieved with or without knowledge of the content. In the knowledge-independent approaches, a watermark that is not robust against media manipulations is embedded in the media. If it can be detected later, the integrity of the media has not been attacked. This is called fragile watermarking and can be compared to adding a seal to the media data which breaks as soon as the content is modified. The sensitivity of fragile watermarks enables their usage in multimedia data authentication. Various approaches with differing fragility to attacks exist, which are generally classified as fragile, semi-fragile, content-fragile and self-embedding.

Invertible watermarking

Common watermarking algorithms always cause a certain reduction or modification of the cover. In some scenarios this is not acceptable. To address this, Fridrich et al. presented the concept of invertible watermarking. Here the original cover can be reproduced from the marked cover if the marked cover has not been modified by attacks. This is achieved by embedding a losslessly compressed copy of the cover parts modified by the watermarking algorithm into the cover. The modified parts which carry the watermark can later be replaced by the retrieved copy. In combination with cryptographic mechanisms, this enables advanced and convenient high security media protection, where for example in we find an evaluation of the impact of the chosen cryptographic means to potential attacks on invertible authentication schemes.
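The invertible scheme described above, as an added example that is not the authors' or any cited implementation. It assumes 8-bit pixels, a pixel count divisible by 8, the LSB plane as the modified part, zlib as the lossless coder and an HMAC-SHA256 tag as the cryptographic mechanism; the blocky cover is constructed so that its LSB plane compresses, which real images do not guarantee.

```python
import hashlib
import hmac
import zlib

TAG_LEN = 32  # length of an HMAC-SHA256 tag in bytes


def lsb_plane(pixels):
    # Pack the least significant bits, 8 pixels per byte (MSB first).
    return bytes(
        sum((pixels[i + j] & 1) << (7 - j) for j in range(8))
        for i in range(0, len(pixels), 8)
    )


def write_plane(pixels, plane):
    return [(p & ~1) | ((plane[i // 8] >> (7 - i % 8)) & 1)
            for i, p in enumerate(pixels)]


def embed_invertible(pixels, key):
    room = len(pixels) // 8
    tag = hmac.new(key, bytes(pixels), hashlib.sha256).digest()  # binds the original
    packed = zlib.compress(lsb_plane(pixels), 9)                 # copy of modified part
    payload = len(packed).to_bytes(4, "big") + packed + tag
    if len(payload) > room:
        raise ValueError("LSB plane does not compress enough to make room")
    return write_plane(pixels, payload + bytes(room - len(payload)))


def restore(marked, key):
    # Returns the original cover, or None if the marked cover was modified.
    plane = lsb_plane(marked)
    n = int.from_bytes(plane[:4], "big")
    if 4 + n + TAG_LEN > len(plane):
        return None
    try:
        # Bounded decompression: never expand beyond one bit plane.
        original_plane = zlib.decompressobj().decompress(plane[4:4 + n], len(plane) + 1)
    except zlib.error:
        return None
    if len(original_plane) != len(plane):
        return None
    original = write_plane(marked, original_plane)
    tag = plane[4 + n:4 + n + TAG_LEN]
    expected = hmac.new(key, bytes(original), hashlib.sha256).digest()
    return original if hmac.compare_digest(tag, expected) else None


def make_cover(size=64):
    # Constructed blocky 64x64 image whose LSB plane is highly regular.
    return [(3 * (x // 8) + 5 * (y // 8)) % 256
            for y in range(size) for x in range(size)]
```

`restore` returns the bit-exact original only for an unmodified marked cover and the right key; any other input yields `None` rather than a wrongly "restored" image.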

Content-fragile watermarking

Content-fragile watermarking is the most advanced concept for integrity protection based on digital watermarking. A description of the media content is extracted and embedded with a robust watermarking algorithm. Later, this information can be retrieved and compared with the actual content. Thereby exact positions or detailed information regarding the difference between original and changed copy can be given, enabling an analysis of the nature of occurred attacks.

The syntax or bit stream of multimedia data can be modified without influencing their semantics, as is the case with scaling, compression or transmission errors. Common security mechanisms like hash functions cannot distinguish between modifications of the representing format and content changes that alter the semantics of the media. But usually it is more important to protect the semantics instead of their syntax to vouch for their integrity. Content-based watermarks can be used to verify illegal manipulations and to allow several content-preserving operations. Therefore the main research challenge is to distinguish between content-preserving and content-changing manipulations. Most existing techniques use threshold-based techniques to decide the content integrity. The main problem is to face the wide variety of allowed content-preserving operations like compression, scaling, format conversion or filtering.
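A threshold-based content check set beside a cryptographic hash, added as an illustration and not taken from the original article. Block means serve as a hypothetical content description, the reference description is assumed to have been carried by a robust watermark and retrieved intact, and the image, block size and threshold are constructed.

```python
import hashlib

BLOCK = 8        # feature granularity in pixels (constructed value)
THRESHOLD = 8    # tolerated drift of a block mean (constructed value)
WIDTH = 32       # width of the constructed test image


def block_means(img, width):
    # Content description: mean brightness of each BLOCK x BLOCK region.
    height = len(img) // width
    feats = {}
    for by in range(0, height, BLOCK):
        for bx in range(0, width, BLOCK):
            vals = [img[y * width + x]
                    for y in range(by, by + BLOCK) for x in range(bx, bx + BLOCK)]
            feats[(by // BLOCK, bx // BLOCK)] = sum(vals) / len(vals)
    return feats


def changed_blocks(reference, img, width):
    # Positions (row, col) whose content drifted beyond the threshold.
    current = block_means(img, width)
    return sorted(pos for pos, mean in reference.items()
                  if abs(current[pos] - mean) > THRESHOLD)


def digest(img):
    return hashlib.sha256(bytes(img)).hexdigest()


def requantize(img):
    # Content-preserving operation: drop the two lowest bits of each pixel.
    return [(p >> 2) << 2 for p in img]


def brighten_block(img, width, row, col, delta=60):
    # Content-changing edit confined to one block.
    out = list(img)
    for y in range(row * BLOCK, (row + 1) * BLOCK):
        for x in range(col * BLOCK, (col + 1) * BLOCK):
            out[y * width + x] = min(255, out[y * width + x] + delta)
    return out


def make_image():
    # Constructed 32x32 grayscale test pattern.
    return [(7 * x + 13 * y) % 200 for y in range(WIDTH) for x in range(WIDTH)]
```

The SHA-256 digest changes after both operations, while the block comparison accepts the requantized copy and reports exactly block (1, 2) for the local edit.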

Evaluation and Benchmarking of Watermarking Algorithms

Successful attacks on watermarks can be divided into four large categories. Kutter et al. distinguish between removal attacks, geometrical attacks, cryptographic attacks and protocol attacks. If somebody tries to eliminate the watermark from the data, we speak of a removal attack. The approaches employed most frequently are filter models taken from statistical signal theory. Denoising the watermarked data through median or high pass filtering as well as non-linear truncation or spatial watermark prediction are methods considered very likely to succeed. Contrary to this, geometrical attacks are not directly aimed at removing the watermark, but try to either weaken it or disable its detection. This can be done using programs like Unzign or Stirmark, see in , or in the short articles on Image, Video and Audio Watermarking for media specific aspects. These introduce either local jittering or local geometrical bending in addition to a global geometrical transformation. As a consequence, most watermark detectors lose synchronization with the embedded information, and therefore today these attacks are also referred to as synchronization attacks.

Both the removal and the geometrical attack are mostly aimed at the robustness of the watermark. The embedded information is robust if it can be extracted reliably, even if the data material has been modified (but not destroyed completely). Robustness thus signifies the resilience of the watermark-information embedded in the data material to incidental changes or media operations.

In particular, if the watermarking algorithm is known, an attacker can further try to perform modifications to render the watermark invalid or to estimate and modify the watermark. In this case, we talk about an attack on security. The watermarking algorithm is considered secure if the embedded information cannot be destroyed, detected or forged, given that the attacker has full knowledge of the watermarking technique, has access to at least one piece of marked data material, but does not know the secret key. In contrast to robustness, the predicate security signifies resilience to intentional (non-blind) attacks on the watermark itself. Further examples are steganographic attacks, which are referred to as cryptographic attacks in Kutter et al. As the attacker will try to find the secret key, it is crucial to use keys with a secure length. Other attacks in this category take advantage of the free watermark detector devices available for almost every watermarking technique. Others again try to perform coalition attacks.

The attacks in the last group, the protocol attacks, aim neither at destroying the embedded information nor at disabling the detection of the embedded information (deactivation of the watermark). Rather, they take advantage of semantic deficits of the watermark's implementation. Consequently, a robust watermark must not be invertible or copyable. A copy attack, for example, would aim at copying a watermark from one media into another without knowledge of the secret key.

User Comments

almost 6 years ago

explain the multiple watermarking using multiple keys