Chapter 2

Digital Watermarking Techniques

In this chapter, some basic concepts about digital watermarking are described
in as general terms as possible. An introduction is given first. The classification
of watermarking, the functions provided by watermarking, and the benchmarks
and evaluating measurements for watermarking systems are then introduced in
the following sections.

2.1 What Is Digital Watermarking?

Watermarking is an old technique. It had been used widely in the past. A tra-
ditional and well-known example is the use of invisible ink. People wrote secret
information using invisible ink in order to avoid detection from prying eyes. From
a general point of view, the definition of watermarking may be thought of as a
method to insert or embed extra information into the media, and also to indicate
the method used to obtain the embedded information. The general definitions
of some common terms used in the area of watermarking are listed below.

Watermark: The information to be hidden. The term watermark also contains

a hint that the hidden information is transparent like water.
Cover Media: The media used for carrying the watermark. Sometimes the
terms original media and host media are used to express it.
Watermarked Data: The media which contains the watermark.
Embedding: The procedure used for inserting the watermark into the cover
media.
Extraction: The procedure used for extracting the embedded watermark from
the watermarked data.
Detection: The procedure used for detecting whether the given media contain-
ing a particular watermark.
Watermarking: The method which contains the embedding operator and the
extraction/detection operator.
Noise: The natural noise occurred to the watermarked data during transmis-
sion.

F.-H. Wang, J.-S. Pan, and L.C. Jain: Innovations in Dig. Watermark. Tech., SCI 232, pp. 11–26.
springerlink.com c Springer-Verlag Berlin Heidelberg 2009
12 Digital Watermarking Techniques

Attack: The artificial processes used for modifying the watermarked data in
order to destroy the watermark contained in the watermarked data.
Attacked Data: The watermarked data which contains natural noise and/or
artificial modification.
In the past decade, owing to the rapid-development of computer technology,
people had shifted their focus from traditional media to digital media. As a
result, watermarking techniques for digital data have been developed and have
become popular.

2.1.1 Elements of a Watermarking System

According to [3], a watermarking system is regarded as a communication system
consisting of three main parts: a transmitter, a communication channel, and a
receiver, as illustrated in Fig. 2.1.

Fig. 2.1. Elements of a watermarking system

The information-coding procedure encodes, compresses, and/or encrypts the

original watermark W according to a user key K1 . The data-embedding pro-
cedure then embeds the encoded result WC into the host data H according to
another user key K2 . The watermarked data HW is then delivered to the re-
ceiver via some kind of channel. During the transmission, some natural noise or

artificial attacks may occur, as a result the received data HW of the receiver
may be different from the output data HW of the transmitter. To recover the

information hidden in HW , the hidden-data-extraction procedure is executed. In
the above systems, ether K1 , K2 , or H may or may not have to be presented,
according to the algorithms used.

2.2 Types of Digital Watermarking Techniques

In this section, all the existing watermarking techniques are classified into several
categories according to different points of view [3] [11] [47] [59] [85].

2.2.1 Visible and Invisible

From the view point as to whether the embedded watermark can be seen by
bare human eyes or not, all watermarking techniques can be classified as visible
 Types of Digital Watermarking Techniques 13

techniques and invisible techniques. For example, Fig. 2.2(c) shows a picture
which contains a visible logo of University of South Australia (in short, UniSA)
in its top-left corner and Fig. 2.2(d) shows a picture which contains an invisible
watermark.

(a) (b)

(c) (d)

Fig. 2.2. An example of applying the visible watermarking technique and invisible
watermarking technique to a given picture. (a) The original picture. (b) The watermark.
(c) The watermarked picture containing a visible logo in its top-left corner. (d) The
watermarked picture containing an invisible watermark therein.

Obviously, at least two disadvantages exist in visible watermarking techniques:

(i) The visible watermark is not difficult to be removed. The methods proposed
in [38] or the image-cropping schemes illustrated in Fig. 2.3 can be used for
example.
(ii) The visible watermark degrades the visual quality of the host picture.
In the invisible type of watermarking techniques, the embedded watermark is
invisible. It is difficult to distinguish between the original image and the water-
marked image. Thus, it is not easy to remove or destroy the embedded watermark
without degrading the visual quality of the watermarked image significantly.
14 Digital Watermarking Techniques

Fig. 2.3. An example of removing the embedded watermark from the watermarked
picture

2.2.2 Detectable and Readable

From the view point as to what kind of information can be obtained from the
watermarked data, the watermarking techniques can be classified as detectable
techniques and readable techniques. Figure 2.4 illustrates the general distinction
between the two types of techniques.
In the detectable type of techniques, one can only verify if a specified signal
(the watermark) is contained in the cover work. In other words, the detectable
type of systems only gives a binary answer: yes or no. In contrast, the readable
watermarking systems extract and reveal the embedded watermark. As described
in Sect. 2.1, researchers use detection to illustrate the process of obtaining a
binary answer, and extraction to express the process of revealing the hidden
watermark.
For those techniques which belong to the detectable type, the embedded wa-
termark has to be presented during detection. This kind of technique is more
private since it is impossible for an attacker to guess the content of the embedded
watermark, especially if the embedded watermark is encrypted beforehand.

2.2.3 Spatial, Transform, and Quantisation

The question of where to hide the signal of the watermark may be divided
into three categories: spatial-domain-based techniques, transform-domain-based
techniques, and quantisation-domain-based techniques.
Generally speaking, the main concept of spatial-domain-based techniques [4]
is to modify the raw data (pixels) of the original host image directly when hid-
ing the watermark bits. The traditional method is to change the Last Significant
Bits (LSB) of certain pixels of the host image according to the watermark bits
(Sect. 4.2.1). For transform-domain-based techniques, the raw data of the host
image are first transformed into frequencies using the discrete cosine transform
(DCT) [2], the discrete wavelet transform (DWT) [87], or other types of trans-
forms. These frequencies are then modified according to the watermark bits so
that the goal of data hiding can be achieved. Then, the inverse transform is
 Types of Digital Watermarking Techniques 15

(a)

(b)

Fig. 2.4. The detectable and the readable watermarking systems

executed and a watermarked image is formed. The quantisation-domain-based

techniques, such as vector quantisation (VQ) [24], first quantify the host im-
age using the predefined code-vectors. The indices obtained are then modified
according to the watermark bits. The recovery process is finally performed to
reconstruct a watermarked image from these modified indices.
Comparing with the three types of techniques, spatial-based techniques pos-
sess the advantages including easy implementation, better visual quality, and
shorter coding time. However, they also have the disadvantages such as weak
robustness for example. The transform-based techniques usually have better ro-
bustness and good visual quality in watermarked result. However, they con-
sume more time in the transform and inverse-transform procedures. For the
quantisation-based techniques, the most significant feature is they enhance the
traditional quantisation systems the watermarking ability.

2.2.4 Robust, Semi-Fragile, and Fragile

Watermarking techniques can also be classified as robust, semi-fragile, and frag-

ile techniques, according to whether the techniques have strong resistance to
16 Digital Watermarking Techniques

natural noise and/or to artificial modification (named attack). If a watermark-

ing technique can detect or extract the hidden watermark successfully from the
watermarked data when noise and/or attack occurred, it is called a robust tech-
nique. In contrast, a watermarking technique that cannot resist noise or attacks
is called a fragile technique.
There are some watermarking techniques which have strong resistance to some
kinds of noise or attack but have weak resistance to other kinds of noise or attack.
Researchers named these watermarking techniques as semi-fragile techniques.

2.2.5 Blind and Non-blind

If a watermarking technique resorts to the comparison between the original non-

watermarked data and the watermarked one to recover the watermark, it can
be classified as blind technique and non-blind technique. A blind watermarking
technique requires no original data for detection or extraction. In contrast, a
non-blind watermarking technique requires the original data to be presented
during detection or extraction.
In real-world practices, non-blind watermarking algorithms are unsuitable for
many practical applications in that they require the non-watermarked data to
be presented during extraction or detection. Currently most researchers are fo-
cusing on blind watermarking techniques rather than non-blind watermarking
techniques.
In addition, definitions of blind and non-blind in nowadays have been ex-
tended. Some researchers think that if a watermarking technique requires the
present of any information used in embedding for watermark extraction, it then
should be classified as non-blind. Based on this definition, one watermarking
technique which requires no non-watermarked data but requires the knowledge
of embedding position when extraction, is regarded as a non-blind technique.

2.2.6 Public and Private

A watermark is named private if only the authorized users can recover it. In
other words, it is impossible for unauthorized people to extract the information
hidden within the host data. By contrast, a watermarking technique that allows
anyone to read the embedded watermark is referred as a public watermarking
technique.
From the view point of information theory, security cannot be based on algo-
rithms but rather on the choice of the user key. Therefore, researchers believe
that private watermarking techniques have superior robustness when compared
to public watermarking techniques.

2.2.7 Symmetric and Asymmetric

A watermarking algorithm is called symmetric if the detection/extraction pro-

cess makes use of the same set of parameters used in the embedding process.
Here the parameters include the secret keys and other information which may
 What Can Digital Watermarking Do? 17

be used to define the embedding position and the embedding process. In con-
trast, a watermarking algorithm is said asymmetric if it uses different keys and
parameters for the embedding and the detection/extraction operations.
Researchers believe, for symmetric watermarking techniques a knowledge of
these parameters is likely to give pirates enough information to remove the wa-
termark from the watermarked data. Therefore, increasing attention has been
given to asymmetric watermarking schemes. Generally speaking, asymmetric
watermarking algorithms use a private key for watermark embedding and use a
public key for watermark detection/extraction.

2.2.8 Reversible and Non-reversible

A watermarking algorithm is said reversible if the watermarked signal can be con-
verted to a non-watermarked signal after the embedded watermark is extracted.
By contrast, watermarking algorithms that can not convert the watermarked
signal to a non-watermarked signal are named non-reversible watermarking
algorithms.
Currently, most of the existing watermarking algorithms are non-reversible
algorithms, since the selected signals of the cover media have been changed
permanently for carrying the watermark bits.

2.3 What Can Digital Watermarking Do?

In the past decade, digital watermarking had been investigated and utilized for
a number of different purposes. In this section, we present some common areas
served by digital watermarking in order to highlight its usefulness.

2.3.1 Data Hiding

As described previously, digital watermarking can be used for data hiding. For
example, a secret message such as “Meet at 13:30, old place” may be regarded
as the watermark and hidden in a cover picture, as shown in Fig. 2.5. The
watermarked picture is then delivered to the receiver without becoming obvious.

Fig. 2.5. An example of using digital watermarking for data hiding. The secret message
“Meet at 13:30, old place” is embedded in the cover image.
18 Digital Watermarking Techniques

2.3.2 Information Integration

People sometimes wish to attach information such as the title, the date, and
the place to a digital photo for example. This information is sometimes stored
in separate digital files attached to the original photo, and is sometimes saved
within the photo directly. Figure 2.6 shows the examples of these two methods
used on a digital photo.
For the first method, the extra separate file sometimes causes problems such
as not easy to maintain. In the second method, the added comments sometimes
cause unacceptable degradation. To solve these problems, invisible and readable
watermarking techniques can be employed.
Similar to the first application that uses watermarking for the purpose of
data hiding, the comments or notes for the photo are regarded as a watermark.
It is then embedded into the original photo using the invisible and readable
watermarking technique. This achieves the goal of information integration, as
illustrated in the example shown in Fig. 2.7.
Note, different from saving the extra information in the header of the picture
file (for example, photo saved in JPEG format allows extra information to be
stored in its EXIF section of the header), digital watermarking techniques embed
the information within the graphic data itself.

(a)

(b)

Fig. 2.6. Methods used for commenting a digital photo: (a) Saving the information as
a separate text file, and (b) adding the information directly to the photo, where the
pixels under the text are then obscured.
 What Can Digital Watermarking Do? 19

Fig. 2.7. The example of information integration using the invisible and readable
watermarking technique. The information for the photo is embedded within the photo.

2.3.3 Intellectual Property Rights (IPR) Protection

Due to the popularity of the Internet, the rapid-development of digital tech-

niques, and the easy-distribution of digital assets, digital watermarking is used
to protect intellectual property rights. The creators or legitimate owners of the
digital works who want to protect their rights can insert watermarks within their
works. Users who plan to make illegal copies of the watermarked works will not
be succeed because the machines detect the copyright watermarks and abort the
copying procedure.
To implement this concept upon digital products such as DVD or computer
software, some related issues such as industry establishment of standards, legis-
lation, and cooperation of hardware manufactures, have to be established. Cur-
rently, many issues relating to IPR protection are still proceeding.

2.3.4 Ownership Demonstration

Another classical use is ownership demonstration. The authors of the digital

works can embed their own logos or marks within their works to show who the
creators or owners are, no matter whether their watermarked works have been
modified or not. An example shown in Fig. 2.8 demonstrates such an application.
In this example, the creator of Fig. 2.8(a) embeds his name (Fig. 2.8(b)) within
this photo. Afterwards, even someone modifies this watermarked photo, the cre-
ator can still extract his name from the attacked photo to show the creator of
the photo is H. Poirot (Fig. 2.8(c)). In addition, due to the watermarked image
has been modified, the extracted watermark therefore contains distortion.

2.3.5 Tampering Verification

Today modifying or tampering with a digital source using computers is not

difficult. Consequently, information technology experts warn people not to trust
completely what they see in digital form. For the users who want to know whether
the data are trust worthy, fragile watermarking techniques provide a possible
solution.
20 Digital Watermarking Techniques

(a) (b)

(c)

Fig. 2.8. An example of ownership demonstration using digital watermarking. (a) The
original image. (b) The watermark which indicates the author or owner. (c) The wa-
termark extracted from the watermarked image.

For example if say Bob wants to send a digital file to Alice. He embeds a fragile
watermark in the file and delivers it to Alice by a channel which could be the
Internet. Before Alice receives the file, John happens to obtain the watermarked
file. He modifies the content of the file and sends it to Alice afterwards. When
Alice receives the corrupted file she has no idea as to whether the content is
dependable. She therefore verifies if the received file contains the watermark. Due
to the fragile nature of the watermark, it has weak resistance against tampering,
Alice is unable to find any watermark. She knows immediately that the file she
has received had been tampered with.

2.4 Benchmarks and Evaluating Functions

In this section, the benchmarks and evaluating functions for digital watermarking
techniques are introduced. The brief introduction for some developed tools and
software is also given.

2.4.1 Benchmarks
To evaluate whether a watermarking algorithm has good performance or not,
the points outlined in the following sections are usually considered.
 Benchmarks and Evaluating Functions 21

A. Imperceptibility

Imperceptibility, or transparency, refers to the visual quality of the watermarked

result. As stated previously, digital watermarking modifies the host data so that
the watermark is not visible to the normal observer. Obviously, there must be
some distortion to the host signal caused by the modification. Researchers there-
fore consider a watermarking algorithm is good if the distortion is minimal.
For image watermarking, the most well-known functions for evaluating visual
quality are: the Euclidean distance (ED), the mean-square error (MSE), the
normalized correction (NC), and the peak-signal-to-noise ratio (PSNR). The
definitions of these functions are given in Eqs. (2.1)–(2.4) respectively.


M 
N
ED(X, X ) = (X(i, j) − X  (i, j))2 . (2.1)
i j

ED(X, X )
MSE(X, X ) = . (2.2)
M ×N

M N 
 i j (X(i, j) × X (i, j))
NC(X, X ) = M N 2
. (2.3)
i j (X(i, j)

2552
PSNR(X, X ) = 10 × log10 . (2.4)
MSE(X, X )

Here X and X denote the original image and the processed image, M and N
denote the width and height of the images, and X(i, j) and X  (i, j) denote the
pixel at position (i, j) of X and X respectively.
In addition, for those digital images in binary format, the Hamming distance
(HD), the bit error rate (BER), and the bit correct rate (BCR) can be used:


M 
N
HD(Y, Y ) = |Y (i, j) − Y  (i, j)|. (2.5)
i j

HD(Y, Y )
BER(Y, Y ) = × 100%. (2.6)
M ×N

HD(Y, Y )
BCR(Y, Y ) = (1 − ) × 100%. (2.7)
M ×N
In these equations, Y and Y denote the original image and the processed image,
M and N denote the width and height of the images, and Y (i, j) and Y  (i, j)
denote the pixel at position (i, j) of Y and Y respectively.
22 Digital Watermarking Techniques

B. Robustness

In some applications, the ability of the embedded watermark to survive noise

or attacks is important. To determine whether a watermarking algorithm has
adequate robustness, researchers usually employ a number of processes such as
image processing methods to attack the watermarked data and to observe if the
embedded watermark can be detected or extracted successfully.
From the experimental results provided in literature research, a greater ro-
bustness usually means the visual quality of the watermarked result is degraded.

C. Capacity

Capacity denotes the number of bits the watermarking algorithm can embed
within the host data. Obviously, the more bits embedded, the better capacity
the watermarking algorithm has. However, it is believed that embedding more
bits results in poorer visual quality of watermarked images.

D. Security

Security is used for expressing how well the hidden watermark can be protected.
Usually, researchers evaluate the security of a watermarking algorithm by cal-
culating using how many CPU cycles or how long it takes to break the water-
marking algorithm or to reveal the hidden watermark.

E. Coding Time

Coding time denotes the time consumed by the embedding procedure and the
detection/extraction procedure. In some cases, people are more concerned over
the detection/extraction time than the embedding time, since the embedding
procedure may only be performed once.

F. Summary

There are other points which can be used for evaluating the performance of a
watermarking algorithm. These include the material such as that contained in
References [3] and [62]. Generally, researchers will not determine a watermark-
ing algorithm to be good or bad only from a consideration of the points listed
above. Instead, they prefer to consider other factor such as what application the
watermarking algorithm is served. For example, for the purpose of tampering ver-
ification (Sect. 2.3.5) using digital watermarking, a robust watermarking scheme
becomes useless since tampering verification requires the feature of fragile.

2.4.2 Attack Schemes

Robustness is one of the important features of digital watermarking. Thus, we
introduce the common methods used for attacking watermarked images.
 Benchmarks and Evaluating Functions 23

A. Compression

Image compression is a common method used for attacking watermarked images.

Usually image compression algorithms remove the redundant signals (e.g., high
frequency) from the input images to achieve data compression. Consequently, it
is useful when attacking watermarked images.
In addition, for image processing, the JPEG compression [6] [12] and the VQ
compression [24] are the most well-known and commonly used.

B. Spatial Filtering

Using spatial masks for image processing is usually called spatial filtering. The
masks themselves are called spatial filters [27]. The basic approach when us-
ing spatial filtering is to sum products between the mask coefficients and the
luminance of the pixels under the mask at a specific location in the image.
The most common filters are low-pass filtering, high-pass filtering, and median
filtering. The masks of window size = 3 for low-pass filtering and high-pass
filtering are expressed by Eqs. (2.8) and (2.9) respectively.
⎡ ⎤
1 1 1
⎢ ⎥
1 ⎢ ⎥
⎢
9 ⎣ 1 1 1 ⎥. (2.8)
⎦
1 1 1

⎡ ⎤
−1 −1 −1
⎢ ⎥
⎢ ⎥
1
⎢ −1 8 −1 ⎥ . (2.9)
9 ⎣ ⎦
−1 −1 −1

For median filtering, the luminance of each pixel is replaced by the median of
the gray levels in the range of the (n × n) spatial mask centering around that
pixel.

C. Cropping

Another popular scheme of attack is to alter the watermarked images by crop-

ping. In our simulation, for simplicity we crop the bottom-left hand quarter of
the watermarked image and replace it with an all-black image.
Researchers in general believe that by applying the concepts of spread spec-
trum from communications [10] and by making use of the linear feedback shift
registers to disperse the spatial domain relationships in the original images [61],
the affect of image-cropping schemes may be reduced.
24 Digital Watermarking Techniques

D. Shifting

The attackers may move the watermarked image horizontally and vertically to
destroy the watermark information conveyed. If the attacker shifts the water-
marked image h pixels to the right and v pixels downwards, the shifted image
may be represented by:

X (i, j) = X (i − v, j − h), (2.10)

where X is the watermarked image and X is the shifted result.

Generally speaking, for block-based watermarking algorithms such as the VQ-
based or the DCT-based watermarking algorithms, image shifting usually causes
the watermark extracting algorithm to lose the synchronization with the water-
marked image.

E. Rotation

Rotating the watermarked images is also a common method considered by at-

tackers. For a watermarked image X with size (M ×N ) pixels, the rotated result
X can be expressed by:

M−1 −1
X = {X  (i, j)}
i=0 j=0

M−1 −1
= {X  (i cos θ, j sin θ)} , (2.11)
i=0 j=0

where θ denotes the rotation angle.

In practical implementations, some parts of the attacked image may not have
any value for representing its luminance after rotation. For simplicity, people
usually interpolate the neighboring pixels to present the luminance if the miss-
ing pixels are inside the watermarked image; otherwise, the luminance of these
regions may be set to zero.

F. Summary

Attacking watermarked images or removing the embedded watermark signals

from the watermarked images is another topic for robust watermarking algo-
rithms. Some researchers have paid attention to this topic and have proposed
the attack schemes [54] [89]. Here we have only briefly introduced the common
and well-known methods.
It is thought that there is no watermarking algorithm which can thwart all
of the attacking schemes. Researchers therefore are more concerned in design-
ing and discovering new watermarking algorithms to resist particular kinds of
attacks.
 Benchmarks and Evaluating Functions 25

2.4.3 Packages and Tools for Evaluation

In this section, some software and computer programs developed to attack wa-
termarked images are introduced. The main aim of the software is to remove
the watermark signal from the assigned watermarked images by employing the
possible image processing functions, such as those mentioned in Sect. 2.4.2.
There is no known watermarking algorithm which can survive all the attacking
schemes, as noted in the summary section of Sect. 2.4.2.

A. Stirmark

The most well-known tool used for attacking watermarked images is Stirmark [63].
It offers many attack schemes including those mentioned in Sect. 2.4.2 and others
such as image resizing, luminance scaling, shearing, line deletion for example.

B. Optimark

Optimark [80] is another powerful benchmark package which provides a graph-

ical user interface and similar attack schemes to Stirmark. To use this package,
the users first have to assign the embedding and the detection/extraction exe-
cutable programs, the test images, and other parameters. The attacks will be ex-
ecuted then. Optimark is believed to be the most complete benchmark package so
far [67].

C. Checkmark

Checkmark [70] is similar to Stirmark. It incorporates a number of new at-

tacks such as wavelet compression, projective transforms, down/up sampling for
example.

D. Certimark

Certimark [64] is popular owing to its open architecture. It allows new func-
tionalities to be integrated easily and provides flexible interface to be plugged-in
watermarking software.

E. Image Processing Software

Another method to test robustness is by employing some image processing soft-

ware such as PhotoShop1 , PhotoImpact2 , or PhotoCap 3 for example. The users
must employ the considered image processing schemes provided by the soft-
ware manually to attack their watermarked images. They then perform their
1
The trademark of this software is belonging to Adobe Inc.
2
The trademark of this software is belonging to Ulead Inc.
3
This is a free and green software designed by my colleague Johnson Wang.
26 Digital Watermarking Techniques

watermarking programs to extract/detect the embedded watermarks from the

attacked images. By calculating the quality of the extracted/detected results,
the users know if their watermarking algorithms have strong robustness against
the attacking schemes considered.

2.5 Summary

In this chapter, the background information of digital watermarking such as

benchmarks, applications, and classification have been introduced. According to
the classifications and applications given in Sects. 2.2 and 2.3, new watermarking
schemes can be developed to utilize the properties of the existing watermarking
techniques. In addition, using the benchmarks and attack schemes presented in
Sect. 2.4, the existing watermarking schemes may be improved and modified for
better performance.