An Efficient MSB Prediction-Based Method for High-Capacity Reversible Data Hiding in Encrypted Images
Pauline Puteaux, Student Member, IEEE, and William Puech, Senior Member, IEEE
Abstract— Reversible data hiding in encrypted images (RDHEI) is an effective technique to embed data in the encrypted domain. An original image is encrypted with a secret key and during or after its transmission, it is possible to embed additional information in the encrypted image, without knowing the encryption key or the original content of the image. During the decoding process, the secret message can be extracted and the original image can be reconstructed. In the last few years, RDHEI has started to draw research interest. Indeed, with the development of cloud computing, data privacy has become a real issue. However, none of the existing methods allow us to hide a large amount of information in a reversible manner. In this paper, we propose a new reversible method based on MSB (most significant bit) prediction with a very high capacity. We present two approaches: a high capacity reversible data hiding approach with correction of prediction errors and a high capacity reversible data hiding approach with embedded prediction errors. With this method, regardless of the approach used, our results are better than those obtained with current state of the art methods, both in terms of reconstructed image quality and embedding capacity.
Index Terms— Image encryption, image security, reversible data hiding, MSB prediction.
DIGITAL image security plays a significant role in all fields, especially in highly confidential areas like the military and medical worlds. With the development of cloud computing, the growth in information technology has led to serious security problems where confidentiality, authentication and integrity are constantly threatened by illegal activities like hacking, copying or malicious use of information. The aim of encryption methods is to guarantee data privacy by fully or partially randomizing the content of original images [25]. During the transmission or the archiving of encrypted images, it is often necessary to analyze or to process them without knowing the original content, or the secret key used during the encryption phase [4].
Manuscript received July 19, 2017; revised October 30, 2017 and December 22, 2017; accepted January 1, 2018. Date of publication January 29, 2018; date of current version March 2, 2018. The associate editor coordinating the review of this manuscript and approving it for publication was Prof. Xinpeng Zhang. (Corresponding author: William Puech.)
The authors are with the Laboratoire d’Informatique, de Robotique et de Microélectronique de Montpellier, Centre National de la Recherche Scientifique, University of Montpellier, 34095 Montpellier, France (e-mail: pauline.puteaux@lirmm.fr; william.puech@lirmm.fr).
Color versions of one or more of the figures in this paper are available online at http://ieeexplore.ieee.org.
Digital Object Identifier 10.1109/TIFS.2018.2799381
In particular, methods of reversible data hiding in the encrypted domain (RDHEI) have been designed for data enrichment and authentication in the encrypted domain, when the encryption phase is necessarily done in the first place as, for example, in a cloud computing scenario. Without knowing the original content of the image or the secret key used to encrypt the image, it is then possible to embed a secret message in the encrypted image. During the decoding phase, the original image must be perfectly recoverable and the secret message must be extracted without error. Therefore, there exists a trade-off between the embedding capacity and the quality of the reconstructed image. In recent years, many methods have been designed. The space to embed the message may be vacated after or before the encryption phase and, during the decoding phase, image reconstruction and data extraction can be processed at the same time [17], [27] or separately [12], [27], [28].
In this paper, we present a new high capacity reversible data hiding scheme for encrypted images based on MSB prediction. Due to the local correlation between a pixel and its neighbors in a clear image, two adjacent pixel values are very close. For this reason, it seems natural to predict a pixel value by using already decrypted previous ones, as in many methods of image coding and compression. However, in some cases, there are some errors. So, the first step of our method consists of identifying all the prediction errors in the original image and storing this information in an error location binary map (note that using overhead such as an additional map is not necessary for our proposed method). After that, we propose two different approaches: the CPE-HCRDH (high-capacity reversible data hiding with correction of prediction errors) and the EPE-HCRDH (high-capacity reversible data hiding with embedded prediction errors). The CPE-HCRDH approach consists of correcting the prediction errors (CPE) before encryption. According to the error location map, the original image is pre-processed in order to avoid all the prediction errors and then, the pre-processed image is encrypted. In the EPE-HCRDH approach, the original image is directly encrypted, but after the encryption step, the location of the prediction errors is embedded (EPE). During the data hiding phase, in both approaches, the MSB of each available pixel is substituted in the encrypted image by a bit of the secret message. At the end of the process, the embedded data can be extracted without any errors and the clear image can be reconstructed losslessly by using MSB prediction.
Fig. 1. Two possible RDHEI schemes: a) Vacating room after encryption (VRAE) and b) Reserving room before encryption (RRBE).
1556-6013 © 2018 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission.
See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
The rest of the paper is organized as follows. Section II gives an overview of related work on reversible data hiding in encrypted images. Then, the proposed method is described in detail in Section III. Experimental results and analysis are provided in Section IV. Finally, the conclusion is drawn and future work is proposed in Section V.
II. RELATED WORK
Reversible data hiding (RDH) is particularly suitable for authentication and data enrichment. It consists of embedding a hidden message into an image. At the end of the process, it is possible to extract the secret message and to recover losslessly the original image. Methods are based on lossless compression appending, difference expansion [23], [24], histogram shifting [5], [15], [22] or a combination of these schemes [16], [21]. Also, by randomizing the content of an original image, encryption provides in particular visual confidentiality. Cryptosystems can be divided into two groups according to the method used: block cipher, or stream cipher [25]. Furthermore, encryption can be selective, when only certain details are hidden in the encrypted image [9], [18], [26], or full, when the global meaning of the image is kept entirely secret [13]. Sometimes, it is necessary to be able to analyze or process encrypted images without knowing the original content, or the secret key used during the encryption phase. Many applications exist, such as visual secret sharing (VSS) [3], [14], research and indexing in encrypted databases [7], [11] or recompression of crypto-compressed images [8].
For image notation or authentication purposes in the encrypted domain, reversible data hiding in encrypted images (RDHEI) methods have been proposed. They allow data to be embedded in the encrypted domain without knowing either the content of the clear image or the encryption key. After the extraction of the message, it must be possible to reconstruct the original image without distortion. The challenge lies in finding the best trade-off between the embedding rate – also called payload – (in bpp), and the recovered image quality (in terms of PSNR or SSIM). These techniques can be classified into two categories, depending on whether the room is vacated after the encryption phase (VRAE) or reserved before image encryption (RRBE), as presented in Fig. 1. In addition, encryption and data hiding can be a joint process, when data extraction and original image reconstruction are completed at the same time, or separate.
Ma et al. [12] were the first to describe a RRBE technique. They proposed to release a part of the original image by applying a RDH method of histogram shifting. After that, they encrypted the image and then inserted information by substituting some LSB values in the encrypted image. With this method, the payload is higher than in previous methods (0.5 bpp) but the reconstructed image is altered when compared with the original (PSNR close to 40 dB). Zhang et al. [29] analyzed the prediction errors (PE) of some pixels and made space to hide data by using PE-histogram shifting before image encryption. Zhang [31] designed a separable method, where a part of the encrypted image was compressed to vacate room for the message embedding. In this case, data extraction can be done before or after image decryption. Xu and Wang [28] proposed a new method based on histogram shifting and difference expansion. They used a stream cipher during the encryption phase and designed a specific encryption mode in order to encrypt the interpolation-error. Cao et al. [2] proposed a sparse coding technique. By exploiting the local correlation between pixels, they could vacate a large space to hide information. Qian and Zhang [20] described a method based on distributed source coding (DSC). They first encrypted the original image with a stream cipher and, after that, they compressed some bits of the MSB planes to make room for the secret data. Zhang et al. [32] encrypted the cover image by using public key cryptography with probabilistic and homomorphic properties. After the encryption phase, they embedded data in the LSB planes of the encrypted pixels. During the decoding phase, as the introduced distortion was quite low, the embedded data was extracted and the original image was recovered losslessly.
Wu and Sun [27] proposed an advanced method, developed in two ways. The first approach is joint. They encrypted the original image in the same way as Zhang [31] and, according to a data hiding key, selected some pixels to conceal data by histogram shifting. The second approach is separable: they hid bits of the secret message by MSB substitution. During the decoding phase, a median filter is applied on the marked image. Although the embedding capacity of this scheme was described as high, it is only possible to embed 0.1563 bpp at most.
III. PROPOSED RDHEI METHOD WITH HIGH CAPACITY
None of the existing methods succeed in combining high embedding capacity (near 1 bpp) and high visual quality (greater than 50 dB). In most cases, in the methods based on prediction error (PE) analysis or using a histogram shifting technique, the LSB values of some pixels are replaced to hide bits of the secret message. However, if an image is encrypted, it is difficult to detect if it contains a hidden message or not. In fact, the pixel values of an encrypted image are pseudo-randomly generated. So, there is no correlation between a pixel and its adjacent neighbors. For this reason, we propose to use the MSB values instead of the LSB values to embed the hidden message. With this approach, in the encrypted domain, confidentiality is still the same and during the decryption, the prediction of the MSB values is easier to obtain than that of the LSB values.
A. Overview of the Proposed Method
Fig. 2. Overview of the general encoding method.
person could embed a message by using a data hiding key Kw, without knowing Ke. After this process, we obtain a marked encrypted image Iew , which has exactly the same size as the original image.
1) Prediction Error Detection: In this method, since we propose to embed the secret message by MSB substitution, the original MSB values are lost after the data hiding step. It is important, during the decoding phase, to be able to predict them without any errors. Indeed, in order to reconstruct the original image, we propose to use the previous pixels to predict the current pixel value. So, the first step consists of analyzing the original image content to detect all the possible prediction errors:
• From the previously scanned neighbors of p(i, j), compute the value pred(i, j), which is considered as a predictor during the decoding step.
• Calculate the absolute difference between pred(i, j) and p(i, j) and between pred(i, j) and inv(i, j). Record the results as O and Oinv, so that:

$$O = |pred(i, j) - p(i, j)|, \qquad O_{inv} = |pred(i, j) - inv(i, j)|. \tag{1}$$

• Compare the values of O and Oinv. If O < Oinv, there is no prediction error because the original value of p(i, j) is closer to its predictor than the inverse value. Otherwise, there is an error and we store this information into an error location binary map (note that using overhead such as an additional map is not necessary for our proposed method), as illustrated in Fig. 2.

$$p_e(i, j) = s(i, j) \oplus p(i, j). \tag{2}$$

Fig. 3. Encryption step.
Note that since the encryption phase is fully reversible without overflow, it is then possible to recover the clear image without any alteration. Moreover, we also observe that even if we use a chaotic generator in our method, it is quite possible to generate a pseudo-random sequence with a cryptographically secure pseudo-random number generator (CSPRNG), or for example to use the AES algorithm in OFB mode. The only requirement is to use a stream cipher during the encryption phase.
3) Data Embedding: In the data embedding phase, it is possible to embed data in the encrypted image without knowing either the encryption key Ke used during the previous step or the original content of the image. By using the data hiding key Kw, the to-be-inserted message is first encrypted in order to prevent its detection after embedding in the marked encrypted image. Next, pixels of the encrypted image are scanned from left to right, then from top to bottom (scan line
one bit bk, with 0 ≤ k < m × n, of the secret message:

$$p_{ew}(i, j) = b_k \times 128 + (p_e(i, j) \bmod 128). \tag{3}$$

Note that only the first pixel cannot be marked because its value is not predictable, thus its value must not be changed.
4) Data Extraction and Image Recovery: For the decoding phase, since our method is separable, we can extract the secret message and reconstruct the clear image I˜ separately. I˜ may be exactly like the original image I itself or a processed image I′ very similar to the original image, depending upon which approach is used. There are three possible outcomes:
• the recipient has only the data hiding key Kw,
• the recipient has only the encryption key Ke,
• the recipient has both keys.
Fig. 4. Overview of the decoding method.
An overview of the decoding method is presented in Fig. 4. If the recipient only has Kw, the pixels from the marked encrypted image are scanned in the scan line order and the MSB of each pixel is extracted in order to retrieve the encrypted secret message:
Then, by using the data hiding key Kw, the corresponding plaintext can be obtained.
In the second scenario, if the recipient only has Ke, the image I˜ can be reconstructed, before the data hiding and the encryption steps, by proceeding as follows:
• The encryption key Ke is used to generate the sequence
• The pixels of the marked encrypted image are scanned in the scan line order, and for each pixel, the seven LSB are retrieved by XORing the marked encrypted value pew(i, j) with the associated binary sequence s(i, j) in the pseudo-random stream:

$$\tilde{p}(i, j) = s(i, j) \oplus p_{ew}(i, j), \tag{5}$$

• The MSB value is predicted:
  • With the values of the previously decrypted adjacent pixels, the value of the predictor pred(i, j) is computed.
  • The pixel value is considered with MSB = 0 and with MSB = 1 and the differences between each of these two values and pred(i, j) are calculated. These values are recorded as O0 and O1:

$$\begin{cases} O_0 = |pred(i, j) - \tilde{p}(i, j)^{MSB=0}|, \\ O_1 = |pred(i, j) - \tilde{p}(i, j)^{MSB=1}|. \end{cases} \tag{6}$$

  • The smallest value between O0 and O1 gives the

$$\tilde{p}(i, j) = \begin{cases} \tilde{p}(i, j)^{MSB=0}, & \text{if } O_0 < O_1, \\ \tilde{p}(i, j)^{MSB=1}, & \text{else.} \end{cases} \tag{7}$$

B. CPE-HCRDH Approach
In the CPE-HCRDH approach (high-capacity reversible data hiding approach with correction of prediction errors), as shown in Fig. 5, we first pre-process the original image to avoid all the prediction errors in order to be able to reconstruct the image during the decoding step. After this process, we can encrypt the pre-processed image without any problems. During the embedding phase, all the pixels of the encrypted image are marked with one bit of the message. Using this approach, we have a maximal payload, equal to 1 bpp.
1) Used Predictor: As explained in Section III-A.1, we proposed to use the previous pixels to predict the value of the current pixel. For this approach (except for the first row and the first column) we consider the average of the left and the top pixels as a predictor pred(i, j) for example:
Indeed, using the average value as a predictor mitigates the to-be-performed pixel modification when there is an error, especially when there is a high difference between the current pixel value and one of its neighboring values.
2) Image Pre-Processing: After the prediction error detection phase, we propose to pre-process the original image I in order to obtain an image I′ without any prediction errors. For each problematic pixel, we observe the amplitude of the error and we compute the value of the minimal pixel modification necessary to avoid this error. Eq. (9) shows the provision necessary to have no prediction errors during the decoding phase:

$$|pred(i, j) - p(i, j)| < 64. \tag{9}$$

The detailed pre-processing algorithm to correct all the prediction errors is presented in Algorithm 1.
Algorithm 1 Pre-Processing Algorithm
Require: Original m × n image I
for i ← 0 to m do
  for j ← 0 to n do
    inv(i, j) ← (p(i, j) + 128) mod 256;
    if p(i, j) is in the first row or the first column then
      special processing;
    else
      pred(i, j) ← average of the left and the top pixels;
    end if
    O ← |pred(i, j) − p(i, j)|;
    Oinv ← |pred(i, j) − inv(i, j)|;
    if O ≥ Oinv then
      if p(i, j) < 128 then
        p′(i, j) ← pred(i, j) − 63;
      else
        p′(i, j) ← pred(i, j) + 63;
      end if
    else
      p′(i, j) ← p(i, j);
    end if
  end for
end for
For example, if we have p(i, j) = 50, p(i − 1, j) = 78 and p(i, j − 1) = 154, then:
inv(i, j) = (50 + 128) mod 256 = 178,
pred(i, j) = (78 + 154)/2 = 116.
We compute O and Oinv:
O = |116 − 50| = 66, Oinv = |116 − 178| = 62.
pred(i, j) − p(i, j) < p(i, j) + 128 − pred(i, j).
By developing this expression, we obtain:
p(i, j) > pred(i, j) − 64.
The modification of p(i, j) which minimizes distortion is also:
p′(i, j) = pred(i, j) − 63 = 116 − 63 = 53.
After this phase, the pre-processed image I′ is encrypted according to Eq. (2). Then, we perform the data hiding by embedding one bit of the secret message in each pixel of the encrypted image I′e by MSB substitution, by following Eq. (3). We then obtain the marked encrypted image I′ew with a maximum payload of 1 bpp.
Fig. 5. CPE-HCRDH approach encoding phase.
Fig. 6. EPE-HCRDH approach encoding phase.
3) Data Extraction and Image Recovery: During the decoding phase, to extract the secret message, the marked encrypted image I′ew is scanned and the MSB of each pixel is simply extracted by using Eq. (4). On the other hand, the pre-processed image I′ can be reconstructed without any alteration. We first decrypt the marked encrypted image I′ew to obtain the seven less significant bits (Eq. (5)) and, then, we predict the MSB value, according to Eq. (6) and Eq. (7). The reconstructed image is very similar to the original one.
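The CPE-HCRDH chain described above (pre-processing, stream-cipher encryption, MSB embedding, extraction with Kw only, recovery with Ke only), as an added Python example that is not the authors' code. It assumes a SHAKE-256 keystream in place of the paper's generator, a single-neighbour predictor on the first row and column, and a constructed 16 × 16 image, keys and message.

```python
import hashlib

def keystream(key, n):
    # Assumption: SHAKE-256 output stands in for the pseudo-random sequence s(i, j).
    return hashlib.shake_256(key).digest(n)

def predictor(img, i, j):
    # Average of the top and left neighbours. On the first row or column only one
    # neighbour is already scanned, so it is used alone (assumed "special processing").
    if i == 0:
        return img[0][j - 1]
    if j == 0:
        return img[i - 1][0]
    return (img[i - 1][j] + img[i][j - 1]) // 2

def correct_pixel(p, pred):
    # Algorithm 1 for one pixel: keep p when O < O_inv, otherwise move it to the
    # nearest value satisfying |pred - p'| < 64 (Eq. 9).
    inv = (p + 128) % 256
    if abs(pred - p) < abs(pred - inv):
        return p
    return pred - 63 if p < 128 else pred + 63

def preprocess(img):
    # Scan-line order on a copy: the predictor reads already corrected neighbours,
    # which are the values the decoder will have when it reaches this pixel.
    out = [row[:] for row in img]
    for i in range(len(out)):
        for j in range(len(out[0])):
            if (i, j) != (0, 0):
                out[i][j] = correct_pixel(out[i][j], predictor(out, i, j))
    return out

def encrypt(img, ke):
    # Eq. (2): XOR each pixel with its keystream byte.
    n = len(img[0])
    s = keystream(ke, len(img) * n)
    return [[p ^ s[i * n + j] for j, p in enumerate(row)] for i, row in enumerate(img)]

def embed(enc, bits, kw):
    # Eq. (3): MSB substitution; message bits are first masked with a Kw keystream.
    n = len(enc[0])
    w = keystream(kw, len(enc) * n)
    out = [row[:] for row in enc]
    for k, b in enumerate(bits, start=1):      # pixel 0 stays unmarked
        i, j = divmod(k, n)
        out[i][j] = ((b ^ (w[k] & 1)) << 7) | (out[i][j] % 128)
    return out

def extract(marked, count, kw):
    # Needs only Kw: read the MSBs in scan-line order and unmask them.
    n = len(marked[0])
    w = keystream(kw, len(marked) * n)
    return [(marked[k // n][k % n] >> 7) ^ (w[k] & 1) for k in range(1, count + 1)]

def recover(marked, ke):
    # Needs only Ke: Eq. (5) gives the seven LSBs, Eq. (6)-(7) pick the MSB.
    m, n = len(marked), len(marked[0])
    s = keystream(ke, m * n)
    out = [[0] * n for _ in range(m)]
    for i in range(m):
        for j in range(n):
            plain = marked[i][j] ^ s[i * n + j]
            if (i, j) == (0, 0):
                out[i][j] = plain                # first pixel was never marked
                continue
            c0, c1 = plain & 0x7F, (plain & 0x7F) | 0x80
            pred = predictor(out, i, j)
            out[i][j] = c0 if abs(pred - c0) < abs(pred - c1) else c1
    return out

def sample_image(m=16, n=16):
    # Constructed test image: smooth ramp with a bright square (sharp edges).
    img = [[40 + 5 * i + 3 * j for j in range(n)] for i in range(m)]
    for i in range(5, 11):
        for j in range(5, 11):
            img[i][j] = 230
    return img

def demo():
    ke, kw = b"constructed Ke", b"constructed Kw"
    img = sample_image()
    pre = preprocess(img)
    bits = [(0xA5C3 >> (k % 16)) & 1 for k in range(16 * 16 - 1)]   # constructed message
    marked = embed(encrypt(pre, ke), bits, kw)
    naive = embed(encrypt(img, ke), bits, kw)    # same pipeline without pre-processing
    return {
        "message_ok": extract(marked, len(bits), kw) == bits,
        "image_ok": recover(marked, ke) == pre,
        "naive_image_ok": recover(naive, ke) == img,
        "corrected_pixels": sum(a != b for r, q in zip(img, pre) for a, b in zip(r, q)),
        "payload_bpp": len(bits) / (16 * 16),
    }

if __name__ == "__main__":
    print(demo())
```

`naive_image_ok` comes out false because the edges of the bright square are prediction errors: without Algorithm 1 the decoder picks the wrong MSB there, which is exactly what the pre-processing step removes.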
C. EPE-HCRDH Approach
In the EPE-HCRDH approach (high-capacity reversible data hiding approach with embedded prediction errors), the main goal is to exactly reconstruct the original image. In this case, the payload could decrease a little because of the storage of the error location information. In order to highlight the prediction errors, we adapt the to-be-inserted information according to the error location binary map, built during the prediction error detection phase. Then, the original image is encrypted and immediately after, the error location information is embedded in the encrypted image. During the data hiding step, we can only hide bits of the secret message in the available pixels. At the end of the decoding step, with the help of the location error information, the original image can be reconstructed without any visible alteration, which is indicated by a PSNR which tends to +∞. A global scheme of this approach is presented in Fig. 6.
If | p(i − 1, j ) − p(i, j )| < | p(i, j − 1) − p(i, j )| ,
then, pred(i, j ) = p(i − 1, j ), (10)
else, pred(i, j ) = p(i, j − 1).
In some cases, the other value can be chosen as a predictor for the inverse pixel value inv(i, j) during the prediction error detection phase, but the result will remain the same. Note that it is also possible to use the average value of the left and the top pixels as a predictor, like in the CPE-HCRDH approach, but experimentally, we note that the results are slightly worse.
2) Embedding of the Error Location Information: During prediction error detection, the location of the prediction errors is stored in the error location binary map, as explained in Section III-A.1. Then, the original image I is encrypted by using Eq. (2). Before the embedding step, the encrypted image Ie is adapted to avoid prediction errors. The encrypted image Ie is then divided into blocks of eight pixels and scanned, block by block, in the scan line order. If at least one prediction error is identified in a block according to the error location binary map, the current block is surrounded by
Fig. 7. Prediction error highlighting.
Then, the encrypted image I′e is obtained, where the prediction errors are highlighted. Using this technique, during the data hiding phase, the person who wants to mark the image can extract the MSB value of each pixel and use the error location information to detect where it is possible to embed bits of the secret message (i.e. in all the blocks where there is no prediction error and which do not serve as flags). All the available pixels are then marked to obtain the marked encrypted image Iew, by using Eq. (3).
3) Data Extraction and Image Recovery: During the decoding step, the secret message can be extracted by following these steps:
• The pixels of the marked-encrypted image Iew are scanned in the scan line order and for each pixel, the MSB value is extracted, according to Eq. (4), and stored. We assume that before the first sequence of eight MSB equal to 1, the extracted values are bits of the embedded message.
• When such a sequence is encountered, it indicates the beginning of an error sequence. Since the next pixels are not marked during the data hiding step, pixels are scanned until the next sequence where eight MSB are equal to 1, which indicates the end of the error sequence.
• This process is repeated until the end of the image.
Conversely, as this method is fully reversible, the original image I can be perfectly reconstructed. Firstly, the marked encrypted image Iew is decrypted to recover the seven LSB of each pixel, by using Eq. (5). Then, the MSB values of the pixels are predicted with Eq. (6) and Eq. (7).
Fig. 8. Original image I from the BOWS-2 database [1].
IV. EXPERIMENTAL RESULTS
In this section, we present the results we obtained by applying our method with the CPE-HCRDH approach (high-capacity reversible data hiding approach with correction of prediction errors) and the EPE-HCRDH approach (high-capacity reversible data hiding approach with embedded prediction errors). Section IV-A gives a full example for the two approaches and shows the obtained results on 10,000 images from the BOWS-2 database [1]. Then, in Section IV-B, we perform a statistical analysis in order to test the visual security of our method. Finally, in Section IV-C, we compare our two approaches with related methods and discuss their efficiency.
For data hiding in encrypted images, we have to measure different performances which are the number of incorrect extracted bits, the payload (i.e. embedding rate) and the reconstructed image quality after data extraction. We are interested in finding the best trade-off between all these parameters.
The payload is expressed in bits per pixel (bpp) and is expected to be as large as possible in order to conceal the maximum amount of information. To evaluate the reconstructed image quality in comparison to the original one, we use two metrics with full reference which are peak-signal-to-noise ratio (PSNR) and structural similarity (SSIM).
A. A Detailed Example for the Two Proposed Approaches
and Fig. 10.a, in white, we can see the location of all the pixels with prediction errors. We can observe that, in these two approaches, we have neither the same prediction errors, nor the same number of errors, because we do not use the same predictor, as explained in Section III-B.1 and Section III-C.1. But globally they are in the same order of magnitude.
In the CPE-HCRDH approach (Fig. 9.a), they are pixels of the original image whose MSB would be badly predicted if we do not adapt their values during the pre-processing phase. In the EPE-HCRDH approach (Fig. 10.a), they indicate all the pixels which will not be marked. Indeed, in addition, in grey we show the pixels which are not used to embed bits of the secret message because they serve as flags or are part of an error sequence. Note that the prediction errors are often on the edges and there are sometimes more than one error in the same block and, in these cases, the loss in terms of embedding capacity decreases. The histogram in Fig. 9.b illustrates the distribution of the prediction errors when the CPE-HCRDH approach is used and then shows the necessary modifications of the pixel values to avoid all the prediction errors, and Fig. 9.c represents the pre-processed image based on Algorithm 1. We can observe that the pre-processed image is very similar to the original one, which is indicated by a PSNR equal to 46.87 dB and a SSIM of 0.9997. In Fig. 9.d, we can see the encrypted pre-processed image by using the encryption key. Fig. 10.b is the encrypted image in the EPE-HCRDH approach and Fig. 10.c corresponds to this image when the highlighted prediction errors are embedded. The content of the original image and the error location information are not visible anymore. Fig. 9.e and Fig. 10.d are the marked encrypted images, obtained in the final step of the encoding. For the CPE-HCRDH approach, each pixel of the encrypted pre-processed image is used to conceal one bit of the secret message (payload = 1 bpp). For the EPE-HCRDH approach, we mark the pixels according to the error location information and even if the embedding rate is smaller, it is quite high
and a SSIM equal to 1 (Fig. 10.e). Note that the secret message is always extracted without error in both approaches.
b) Histogram of the estimated prediction errors, c) Pre-processed image I′, PSNR = 46.87 dB, d) Encrypted image I′e, e) Marked encrypted image I′ew, f) Reconstructed image I′, PSNR = 46.87 dB, SSIM = 0.9997.
Fig. 10. Illustration of our EPE-HCRDH approach: a) Unmarked pixels’ location (errors and flags), number of errors 1,225 (0.46%), b) Encrypted image Ie, c) Encrypted image Ie with the highlighted prediction errors, e) Reconstructed image I, PSNR → +∞, SSIM = 1.
TABLE I
ON THE BOWS-2 DATABASE (10,000 IMAGES) [1]
which indicates a very good image quality. Concerning the
the images, the PSNR tends then to +∞ and the SSIM is equal to 1. Even if all the pixels are not marked because there are some MSB prediction errors (in particular in the worst case), the payload remains high and on the average, we have a payload of 0.9681 bpp; in 92.19%, it is larger than 0.9 bpp.
In order to better visualize the distribution of the different image payloads, in Fig. 11, we randomly selected 500 images among the 10,000 tested images [1] and applied our EPE-HCRDH approach.
Fig. 11. Payload measurements, for the EPE-HCRDH approach, on a sample of 500 images from the BOWS-2 database [1].
B. Statistical Analysis of Our Proposed Method
We perform a statistical analysis of our two approaches, in order to verify that they achieve a high visual security level. We use different statistical metrics: horizontal and vertical correlation coefficients, Shannon entropy, χ² test, number of changing pixel rate (NPCR), unified averaged changed intensity (UACI) and PSNR between the original image and the encrypted or marked encrypted images.
• Horizontal and vertical correlation coefficients:

$$corr_{p,p_N} = \frac{E\{|p - E(p)|\,|p_N - E(p_N)|\}}{\sqrt{V(p)\,V(p_N)}}, \tag{11}$$

pixel when the horizontal correlation is computed and the top pixel when the vertical correlation is computed), E(x) is the
variance of x ($V(x) = \frac{1}{S}\sum_{k=1}^{S} |x_k - E(x)|^2$) and S is the size of the considered sample.
• Shannon entropy:

$$H(I) = -\sum_{l=0}^{255} P(\alpha_l) \log_2(P(\alpha_l)), \tag{12}$$

• χ² test: (13)
• Number of changing pixel rate (NPCR):

$$NPCR = \frac{\sum_{i=0}^{m-1}\sum_{j=0}^{n-1} d(i, j)}{m \times n} \times 100, \tag{14}$$

$$d(i, j) = \begin{cases} 1, & \text{if } p(i, j) \neq p'(i, j), \\ 0, & \text{otherwise.} \end{cases} \tag{15}$$

• Unified averaged changed intensity (UACI):

$$UACI = \frac{100}{m \times n} \sum_{i=0}^{m-1}\sum_{j=0}^{n-1} \frac{|p(i, j) - p'(i, j)|}{255}. \tag{16}$$

• Peak-signal-to-noise ratio (PSNR):

$$PSNR = 10 \cdot \log_{10} \frac{255^2}{\frac{1}{m \times n}\sum_{i=0}^{m-1}\sum_{j=0}^{n-1} (p(i, j) - p'(i, j))^2}. \tag{17}$$

As we can see in Fig. 12, the correlation between horizontal pixels in the original image is very high (Fig. 12.a) while there is no correlation between adjacent pixels in the marked encrypted images (Fig. 12.c and Fig. 12.g) and the encrypted image with the highlighted PEs (Fig. 12.e). Moreover, the histogram of the marked encrypted image obtained with our CPE-HCRDH approach (Fig. 12.d) and the histograms of the encrypted image with the highlighted PEs (Fig. 12.f) and the marked encrypted image (Fig. 12.h) obtained with our EPE-HCRDH approach are uniformly distributed in comparison with the original image (Fig. 12.b). It is not possible to exploit them to obtain information about the original content of the image. Indeed, our image encryption scheme allows us to make pseudo-random dependence of the statistical properties between the encrypted images and the original image and this characteristic is conserved after the insertion of the secret message or of the error location information, as presented in Table II. In the original image (Fig. 8), there is a high correlation between adjacent pixels, as indicated by values close to one (0.9388 and 0.9436). In the encrypted or marked encrypted images, these values are low and close to zero, which means that there is no correlation between the pixel values. Moreover, we can see that the value of the entropy is very high for the encrypted or marked encrypted images (∼ 7.9995 bpp) and close to the maximal value, which indicates that the grey-level distribution tends to be uniform.
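The entropy, NPCR, UACI and PSNR measurements used in this analysis, as an added Python example that is not the authors' code, applied to a marked encrypted image built with Eq. (2) and Eq. (3). The SHAKE-256 keystream, the keys, the message and the 64 × 64 ramp image are constructed assumptions, and the metrics follow their standard 8-bit definitions.

```python
import hashlib
import math

def shannon_entropy(pixels):
    # H = -sum P(a_l) * log2 P(a_l) over the grey levels present, in bits per pixel.
    counts = [0] * 256
    for p in pixels:
        counts[p] += 1
    total = len(pixels)
    return -sum(c / total * math.log2(c / total) for c in counts if c)

def npcr(a, b):
    # Percentage of pixel positions whose values differ.
    return 100.0 * sum(x != y for x, y in zip(a, b)) / len(a)

def uaci(a, b):
    # Mean absolute intensity change as a percentage of the 8-bit range.
    return 100.0 * sum(abs(x - y) for x, y in zip(a, b)) / (255 * len(a))

def psnr(a, b):
    mse = sum((x - y) ** 2 for x, y in zip(a, b)) / len(a)
    return math.inf if mse == 0 else 10 * math.log10(255 ** 2 / mse)

def marked_encrypted(pixels, ke, kw, bits):
    # Eq. (2) then Eq. (3) on every pixel but the first; the message bits are
    # masked with a Kw keystream (assumed SHAKE-256) before substitution.
    s = hashlib.shake_256(ke).digest(len(pixels))
    w = hashlib.shake_256(kw).digest(len(pixels))
    out = [p ^ k for p, k in zip(pixels, s)]
    for k in range(1, len(out)):
        out[k] = (((bits[k - 1] ^ w[k]) & 1) << 7) | (out[k] & 0x7F)
    return out

def demo_statistics():
    m = n = 64
    # Constructed smooth ramp standing in for a natural image (flattened, scan-line order).
    original = [(2 * i + 2 * j) % 256 for i in range(m) for j in range(n)]
    bits = [k % 2 for k in range(m * n - 1)]          # constructed message
    marked = marked_encrypted(original, b"constructed Ke", b"constructed Kw", bits)
    return {
        "entropy_original": shannon_entropy(original),
        "entropy_marked": shannon_entropy(marked),
        "npcr": npcr(original, marked),
        "uaci": uaci(original, marked),
        "psnr": psnr(original, marked),
    }

if __name__ == "__main__":
    for name, value in demo_statistics().items():
        print(f"{name}: {value:.4f}")
```

On an image this small the empirical entropy stays a little below the 8 bpp maximum simply because 4,096 samples cannot fill 256 bins evenly; larger images move closer to the maximum.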
Fig. 12. Statistical representations (correlation and histogram) for the original, encrypted and marked encrypted images obtained with our two approaches. a) Horizontal correlation in the original image (Fig. 8). b) Histogram of the original image (Fig. 8). c) Horizontal correlation in the marked encrypted image, with the CPE-HCRDH approach (Fig. 9.e). d) Histogram of the marked encrypted image, with the CPE-HCRDH approach (Fig. 9.e). e) Horizontal correlation in the encrypted image with the highlighted PEs, with the EPE-HCRDH approach (Fig. 10.c). f) Histogram of the encrypted image with the highlighted PEs, with the EPE-HCRDH approach (Fig. 10.c). g) Horizontal correlation in the marked encrypted image, with the EPE-HCRDH approach (Fig. 10.d). h) Histogram of the marked encrypted image, with the EPE-HCRDH approach (Fig. 10.d).
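The neighbour-correlation and entropy checks discussed above can be reproduced on any image; the following Python sketch is an added example, not the authors' code. Its assumptions: a constructed synthetic image, Python's `random` generator as a stand-in for the keyed pseudo-random sequence, random bits modelling the already-encrypted message substituted into every MSB, and the signed (Pearson) form of the correlation between a pixel and its left or top neighbour.

```python
import math
import random

W = H = 128  # size of the constructed test image

def make_image(seed=1):
    """Constructed smooth grey-level image with mild noise (not a real photo)."""
    rng = random.Random(seed)
    return [[int(127 + 60 * math.sin(i / 9) + 60 * math.cos(j / 13)) + rng.randint(-3, 3)
             for j in range(W)] for i in range(H)]

def encrypt(img, key):
    """XOR each pixel with a keyed pseudo-random byte (stand-in generator)."""
    ks = random.Random(key)
    return [[p ^ ks.randrange(256) for p in row] for row in img]

def embed_msb(enc, msg_key):
    """Replace every MSB with one message bit (encrypted, so random-looking)."""
    bits = random.Random(msg_key)
    return [[(bits.getrandbits(1) << 7) | (p & 0x7F) for p in row] for row in enc]

def correlation(img, horizontal=True):
    """Pearson correlation between each pixel p and its left (or top) neighbour pN."""
    di, dj = (0, 1) if horizontal else (1, 0)
    pairs = [(img[i][j], img[i - di][j - dj])
             for i in range(di, H) for j in range(dj, W)]
    n = len(pairs)
    ep = sum(p for p, _ in pairs) / n
    en = sum(q for _, q in pairs) / n
    cov = sum((p - ep) * (q - en) for p, q in pairs) / n
    vp = sum((p - ep) ** 2 for p, _ in pairs) / n
    vn = sum((q - en) ** 2 for _, q in pairs) / n
    return cov / math.sqrt(vp * vn)

def entropy(img):
    """Shannon entropy of the grey-level histogram, in bits per pixel."""
    hist = [0] * 256
    for row in img:
        for p in row:
            hist[p] += 1
    n = W * H
    return -sum(c / n * math.log2(c / n) for c in hist if c)

if __name__ == "__main__":
    original = make_image()
    encrypted = encrypt(original, key=2018)
    marked = embed_msb(encrypted, msg_key=7)
    for name, im in (("original", original), ("encrypted", encrypted), ("marked", marked)):
        print(name, correlation(im), correlation(im, False), entropy(im))
```

On a 128 × 128 image the finite sample size keeps the measured entropy slightly below 8 bpp even for perfectly uniform data, so values from small images are not directly comparable with those from larger ones.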
TABLE II
QUALITY EVALUATION OF THE OBTAINED IMAGES WITH OUR TWO APPROACHES
• Comparisons With Related Methods and Discussion
We made several comparisons, in terms of embedding rate and reconstructed image quality, between our two proposed approaches and eight state-of-the-art methods: very recent methods proposed by Zhang et al. [32] and Cao et al. [2] (Fig. 13.a–d) and other methods proposed by Zhang [30], Hong et al. [6], Zhang [31], Ma et al. [12], Zhang et al. [29] and Wu and Sun [27] (Fig. 13.a–b).
To do this, we used the well-known images of Lena, Airplane, Man and Crowd. First of all, we can see that our approaches allow us to have a larger payload than the others in all cases. In fact, the maximal payload value for the state-of-the-art methods, obtained by Cao et al., is 0.95 bpp. With our CPE-HCRDH approach, we can embed 1 bpp and with the EPE-HCRDH one, we achieve results very close to this high value. In fact, since we do not need to use overhead for our two approaches, in the EPE-HCRDH approach, we have to decrease the payload and the cost is 0.0359 bpp for Lena, 0.0111 bpp for Airplane, 0.0212 bpp for Man and 0.0145 bpp for Crowd. When we examine the reconstructed image quality, our EPE-HCRDH approach is the only scheme
Fig. 13. Performance comparisons between our proposed approaches and similar state-of-the-art methods for four test images. a) Test image: Lena. b) Test image: Airplane. c) Test image: Man. d) Test image: Crowd.
In conclusion, in addition to being error-free during data extraction, our method, whatever the adopted approach, allows us to have a very good trade-off between the embedding rate and the recovered image quality after data extraction, by using only the encryption key. From the security point of view, the statistical analysis shows that there is no information about the content of the original image in the encrypted or marked encrypted version. Moreover, if a small part of the secret message is modified by an attacker, as this message is encrypted, it cannot be decrypted and thus exploited for authentication. Moreover, in the EPE-HCRDH approach, if the message is modified or removed, then the clear image could not be reconstructed. Note that even if in the proposed method the hidden message can be used for several applications for authentication and data enrichment, it can also be used as an alternative to ECC (Error Correcting Code), for example for integrity checks.
• CONCLUSION
allow us to improve the embedding capacity.
REFERENCES
• P. Bas and T. Furon. Image Database of BOWS-2. Accessed: Jun. 20, 2017. [Online]. Available: http://bows2.ec-lille.fr/
• X. Cao, L. Du, X. Wei, D. Meng, and X. Guo, “High capacity reversible data hiding in encrypted images by patch-level sparse representation,” IEEE Trans. Cybern., vol. 46, no. 5, pp. 1132–1143, May 2016.
• T.-H. Chen and K.-H. Tsao, “User-friendly random-grid-based visual secret sharing,” IEEE Trans. Circuits Syst. Video Technol., vol. 21, no. 11, pp. 1693–1703, Nov. 2011.
• Z. Erkin et al., “Protection and retrieval of encrypted multimedia content: When cryptography meets signal processing,” EURASIP J. Inf. Secur., vol. 2007, pp. 17:1–17:20, Jan. 2007.
• X. Gao, L. An, Y. Yuan, D. Tao, and X. Li, “Lossless data embedding using generalized statistical quantity histogram,” IEEE Trans. Circuits Syst. Video Technol., vol. 21, no. 8, pp. 1061–1070, Aug. 2011.
• W. Hong, T.-S. Chen, and H.-Y. Wu, “An improved reversible data hiding in encrypted images using side match,” IEEE Signal Process. Lett., vol. 19, no. 4, pp. 199–202, Apr. 2012.
• C. Y. Hsu, C. S. Lu, and S. C. Pei, “Image feature extraction in encrypted domain with privacy-preserving SIFT,” IEEE Trans. Image Process., vol. 21, no. 11, pp. 4593–4607, Nov. 2012.
• V. Itier and W. Puech, “How to recompress a JPEG crypto-compressed image?” Electron. Imag., Media Watermarking, Security, Forensics, vol. 2017, no. 7, pp. 36–43, 2017.
• P. Korshunov and T. Ebrahimi, “Scrambling-based tool for secure protection of JPEG images,” in Proc. 21st IEEE Int. Conf. Image Process. (ICIP), Oct. 2014, pp. 3423–3425.
• S. Li, G. Chen, and X. Mou, “On the dynamical degradation of digital piecewise linear chaotic maps,” Int. J. Bifurcation Chaos, vol. 15, no. 10, pp. 3119–3151, 2005.
• W. Lu, A. Swaminathan, A. L. Varna, and M. Wu, “Enabling search over encrypted multimedia databases,” Proc. SPIE, vol. 7254, Feb. 2009.
• K. Ma, W. Zhang, X. Zhao, N. Yu, and F. Li, “Reversible data hiding in encrypted images by reserving room before encryption,” IEEE Trans. Inf. Forensics Security, vol. 8, no. 3, pp. 553–562, Mar. 2013.
• K. Minemura, Z. Moayed, K. Wong, X. Qi, and K. Tanaka, “JPEG image scrambling without expansion in bitstream size,” in Proc. 19th IEEE Int. Conf. Image Process. (ICIP), Sep./Oct. 2012, pp. 261–264.
• M. Naor and A. Shamir, “Visual cryptography,” in Proc. Workshop Theory Appl. Cryptogr. Techn., 1994, pp. 1–12.
• Z. Ni, Y.-Q. Shi, N. Ansari, and W. Su, “Reversible data hiding,” IEEE Trans. Circuits Syst. Video Technol., vol. 16, no. 3, pp. 354–362, Mar. 2006.
• B. Ou, X. Li, Y. Zhao, R. Ni, and Y.-Q. Shi, “Pairwise prediction-error expansion for efficient reversible data hiding,” IEEE Trans. Image Process., vol. 22, no. 12, pp. 5010–5021, Dec. 2013.
• W. Puech, M. Chaumont, and O. Strauss, “A reversible data hiding method for encrypted images,” Proc. SPIE, vol. 6819, Mar. 2008.
• W. Puech and J. M. Rodrigues, “Crypto-compression of medical images by selective encryption of DCT,” in Proc. 13th Eur. Signal Process. Conf. (EUSIPCO), Sep. 2005, pp. 1–4.
• P. Puteaux, D. Trinel, and W. Puech, “High-capacity data hiding in encrypted images using MSB prediction,” in Proc. 6th IEEE Int. Conf. Image Process. Theory Tools Appl. (IPTA), Dec. 2016, pp. 1–6.
• Z. Qian and X. Zhang, “Reversible data hiding in encrypted images with distributed source encoding,” IEEE Trans. Circuits Syst. Video Technol., vol. 26, no. 4, pp. 636–646, Apr. 2016.
• V. Sachnev, H. J. Kim, J. Nam, S. Suresh, and Y. Q. Shi, “Reversible watermarking algorithm using sorting and prediction,” IEEE Trans. Circuits Syst. Video Technol., vol. 19, no. 7, pp. 989–999, Jul. 2009.
• W.-L. Tai, C.-M. Yeh, and C.-C. Chang, “Reversible data hiding based on histogram modification of pixel differences,” IEEE Trans. Circuits Syst. Video Technol., vol. 19, no. 6, pp. 906–910, Jun. 2009.
• J. Tian, “Reversible watermarking by difference expansion,” in Proc. Workshop Multimedia Secur., vol. 19. 2002, pp. 1–4.
• J. Tian, “Reversible data embedding using a difference expansion,” IEEE Trans. Circuits Syst. Video Technol., vol. 13, no. 8, pp. 890–896, Aug. 2003.
• W. Trappe and L. C. Washington, Introduction to Cryptography With Coding Theory. Bengaluru, India: Pearson Education, 2006.
• M. Van Droogenbroeck and R. Benedett, “Techniques for a selective encryption of uncompressed and compressed images,” in Proc. Adv. Concepts Intell. Vis. Syst. (ACIVS), Ghent, Belgium, 2002, pp. 90–97.
• X. Wu and W. Sun, “High-capacity reversible data hiding in encrypted images by prediction error,” Signal Process., vol. 104, pp. 387–400, Nov. 2014.
• D. Xu and R. Wang, “Separable and error-free reversible data hiding in encrypted images,” Signal Process., vol. 123, pp. 9–21, Jun. 2016.
• W. Zhang, K. Ma, and N. Yu, “Reversibility improved data hiding in encrypted images,” Signal Process., vol. 94, pp. 118–127, Jan. 2014.
• X. Zhang, “Reversible data hiding in encrypted image,” IEEE Signal Process. Lett., vol. 18, no. 4, pp. 255–258, Apr. 2011.
• X. Zhang, “Separable reversible data hiding in encrypted image,” IEEE Trans. Inf. Forensics Security, vol. 7, no. 2, pp. 826–832, Apr. 2012.
• X. Zhang, J. Long, Z. Wang, and H. Cheng, “Lossless and reversible data hiding in encrypted images with public-key cryptography,” IEEE Trans. Circuits Syst. Video Technol., vol. 26, no. 9, pp. 1622–1631, Sep. 2016.
• J. Zhou, W. Sun, L. Dong, X. Liu, O. C. Au, and Y. Y. Tang, “Secure reversible image data hiding over encrypted domain via key modulation,” IEEE Trans. Circuits Syst. Video Technol., vol. 26, no. 3, pp. 441–452, Mar. 2016.
Pauline Puteaux received the M.S. degree in computer science and applied mathematics, with specialization in cybersecurity from the University of Grenoble, France, in 2017. She is currently pursuing the Ph.D. degree with the Laboratory of Informatics, Robotics and Microelectronics of Montpellier, France. Her research interests include multimedia security, image analysis and processing in the encrypted domain.
William Puech received the diploma of Electrical Engineering from the Univ. Montpellier, France (1991) and a Ph.D. Degree in Signal-Image-Speech from the Polytechnic National Institute of Grenoble, France (1997) with research activities in image processing and computer vision. He served as a Visiting Research Associate to the University of Thessaloniki, Greece. From 1997 to 2008, he has been an Associate Professor at the Univ. Montpellier, France. Since 2009, he is full Professor in image processing at the Univ. Montpellier, France. His current interests are in the areas of image forensics and security for safe transfer, storage and visualization by combining data hiding, compression and cryptography. He is the head of the ICAR team (Image & Interaction) in the LIRMM, has published more than 40 journal papers and 120 conference papers and is associate editor for 5 journals (JASP, SPIC, SP, JVCIR and IEEE TDSC) in the areas of image forensics and security. Since 2017 he is the general chair of the IEEE Signal Processing French Chapter and since 2018 he is a member of the IEEE Information Forensics and Security TC.