An Efficient MSB Prediction-Based Method for High-Capacity Reversible Data Hiding
in Encrypted Images
Pauline Puteaux, Student Member, IEEE, and William Puech , Senior Member, IEEE
Abstract— Reversible data hiding in encrypted images (RDHEI) is an effective technique to embed data in the encrypted domain. An original image is encrypted with a secret key and during or after its transmission, it is possible to embed additional information in the encrypted image, without knowing the encryp- tion key or the original content of the image. During the decoding process, the secret message can be extracted and the original image can be reconstructed. In the last few years, RDHEI has started to draw research interest. Indeed, with the development of cloud computing, data privacy has become a real issue. However, none ofthe existing methods allowus to hide a large amountof information in a reversible manner. In this paper, we proposea new reversible method based on MSB (most significant bit) prediction with a very high capacity. We present two approaches, these are: high capacity reversible data hiding approach with correction of prediction errors and high capacity reversible data hiding approach with embedded prediction errors. With this method, regardless of the approach used, our results are better than those obtained with current state of the art methods, bothin terms of reconstructed image quality and embedding capacity.
Index Terms— Image encryption, image security, reversible data hiding, MSB prediction.
•D
D
IGITAL image security plays a significant role in all fields, especially in highly confidential areas like the military and medical worlds. With the development of cloud computing, the growth in information technology has led to serious security problems where confidentiality, authentication and integrity are constantly threatened, by illegal activities like hacking, copying or malicious use of information. The aimofencryptionmethodsisto guarantee dataprivacy by fully or partially randomizing the content of original images [25]. During the transmission or the archiving of encrypted images, it is often necessary to analyze or to process them without knowing the original content, or the secret key
used during the encryption phase [4].
Manuscript received July 19, 2017; revised October 30, 2017 and
December 22, 2017; accepted January 1, 2018. Date of publication January 29, 2018; date of current version March 2, 2018. The associate editor coordinating the review of this manuscript and approving it for publication was Prof. Xinpeng Zhang. (Corresponding author: William Puech.)
The authors are with the Laboratoire d’Informatique, de Robotique et de Microlectronique de Montpellier, Centre National de la Recherche Sci- entifique, University of Montpellier, 34095 Montpellier, France (e-mail: [email protected]; [email protected]).
Color versions of one or more of the figures in this paper are available online at http://ieeexplore.ieee.org.
Digital Object Identifier 10.1109/TIFS.2018.2799381
In particular, methods of reversible data hiding in the encrypted domain (RDHEI) have been designed for data enrichment and authentication in the encrypted domain, when the encryption phase is necessarilydoneinthefirstplace as, for example, in a cloud computing scenario. Without knowing the original content of the image or the secret key used to encrypt the image, it is then possible to embeda secret message in the encrypted image. During the decoding phase, the original image must be perfectly recoverable and the secret message must be extracted without error. Therefore, there exists a trade-off between the embedding capacity and the quality of the reconstructed image. In recent years, many methods have been designed. The space to embed the message may be vacated after or before the encryption phase and, during the decoding phase, image reconstruction and data extraction can be processed at the same time [17], [27] or separately [12], [27], [28].
≈
≈
In this paper, we present a new high capacity reversible data hiding scheme for encrypted images based on MSB prediction. Due to the local correlation between a pixel and its neighbors in a clear image, two adjacent pixel values are veryclose.For this reason, it seems natural to predict a pixel value by using already decrypted previous ones, as inmany methodsof image coding and compression. However, in some cases, there are some errors. So, the first step of our method consists of identifying all the prediction errors in the original image
1556-6013 © 2018 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission.
See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
Fig. 1. Two possible RDHEI schemes: a) Vacating room after encryption (VRAE) and b) Reserving room before encryption (RRBE).
and to store this information in an error location binary map (note that using overhead such an additional map is not necessary for our proposed method). After that, we propose two different approaches: the CPE-HCRDH (high-capacity reversible data hiding with correction of predictionerrors) and the EPE-HCRDH (high-capacity reversible data hiding with embedded prediction errors). The CPE-HCRDH approach consists of correcting the prediction errors (CPE) before encryption. According to the error location map, the original image is pre-processed inordertoavoidallthepredic-tion errors and then, thepre-processed image isencrypted.In the EPE-HCRDH approach, the original image is directly encrypted, but after the encryption step, the location of the prediction errors is embedded (EPE). During the data hiding phase, in both approaches, the MSBofeach available pixelis substituted in the encrypted image by a bit of the secret message. At the end of the process, the embedded data can be extracted without any errors and the clear image can be reconstructed losslessly by using MSB prediction.
The rest of the paper is organized as follows. Section II gives an overview of related work on reversible data hiding in encrypted images. Then, the proposed method is described in detail in Section III. Experimental results and analysis are provided in Section IV. Finally, the conclusion is drawn and future work is proposed in Section V.
•RELATED WORK
Reversible data hiding (RDH) is particularly suitable for authentication and data enrichment. It consists ofembed-ding a hidden message into an image. At the end of
the process, itispossibletoextractthesecretmessageand to recover losslessly the original image. Methods are based on lossless compression appending, difference expan- sion [23], [24], histogram shifting [5], [15], [22] or a combination of these schemes [16], [21]. Also, by random- izing the content of anoriginal image,encryption providesin particular visual confidentiality. Cryptosystems can be divided into two groups according to the method used: block cipher, or stream cipher [25].Furthermore,encryptioncan be selective, when only certain details are hidden in the encrypted image [9], [18], [26], or fully when the global meaning of the image is kept entirely secret [13]. Sometimes, it is necessary to be able to analyze or process encrypted images without knowing the original content, or the secret key used during the encryption phase. Many applications exist, such as visual secret sharing (VSS) [3], [14], research and indexing in encrypted databases [7], [11] or recompression of crypto-compressed images [8].
For image notation or authentication purposes in the encrypted domain, reversible datahidinginencrypted images (RDHEI) methods have been proposed. They allow embed data in the encrypted domain without knowing the content of the clear image nor the encryption key. After the extraction of the message, it must be possible to reconstruct without distorting the original image. The challenge lies in finding the best trade-off betweentheembeddingrate–also called payload – (in bpp), and the recovered image quality (in terms of PSNR orSSIM). Thesetechniques can be classified into two categories, depending if the room is vacated after the encryption phase (VRAE) or reserved before image encryption (RRBE), as presented in Fig. 1. In addition,
encryption and data hiding can be a joint process, when data extraction and original image reconstruction are completed at the same time, or separately.
×
×
Ma et al. [12] were the first to describe a RRBEtech-nique [12]. They proposed to release a part of the original image by applying a RDH method of histogram shifting. After that, they encrypted the image and then inserted information by substituting some LSB values in the encryptedimage. With this method, the payload is higher than in previous methods (0.5 bpp) but the reconstructed image is alteredwhen compared with the original (PSNR close to 40 dB). Zhang et al. [29] analyzed the prediction errors (PE) of some pixels and made space to hide data by using PE-histogram shifting before image encryption . Zhang [31] designed a separable method, where a part of the encrypted image was compressed to vacate room for the message embedding. In this case, data extraction can be done before or after image decryption. Xu and Wang [28], propose a new method based on histogram shiftinganddifference expansion. Theyuseda stream cipher during the encryption phase and designed a specific encryption mode in order to encrypt the interpolation- error. Cao et al.[2],proposeasparsecodingtechnique.By exploiting the local correlation between pixels, they could vacate a large space to hide information. Qian and Zhang [20], described a method based on distributed source coding (DSC). They first encrypted the original image with a stream cipher and, after that, they compress some bits of the MSB planes to make room for the secret data. Zhang et al. [32], encrypted the cover image by using public key cryptography with probabilis- tic and homomorphic properties. After the encryption phase, they embed data in the LSB planes of the encrypted pixels. During the decoding phase, as the introduced distortion was quite low, the embedded data is extracted and the original image was recovered losslessly.
Wu and Sun [27], propose an advanced method, developed in two ways. The first approach is joint. They encrypted the original image in the same way as Zhang [31] and, according to a data hiding key, selectedsomepixelstoconcealdata by histogram shifting. The second approach is separable: they hid bits of the secret message by MSB substitution. Duringthe decoding phase, a median filter is applied on the marked image. Although the embedding capacity of this scheme was described as high, it is only possible to embed 0.1563 bpp at most.
•PROPOSED RDHEI METHOD WITH HIGH CAPACITY
None of the existing methods succeed in combining high embedding capacity (near 1 bpp) and high visual quality (greater than 50 dB). In most cases, the methods based on prediction error analysis (PE) or using a histogram shifting technique, the LSB values of some pixels are replaced to hide bits of the secret message. However, if an image is encrypted, it is difficult to detect if it contains a hidden message or not.In fact, the pixel values of an encrypted image are pseudo- randomly generated. So, there is no correlation between a pixel and its adjacent neighbors. For this reason, we propose to use the MSB values instead of the LSB values to embed the hidden message. With this approach, in the encrypted domain, confidentiality is still the same andduringthedecryption, the prediction of the MSB values is easier to obtain than those of the LSB.
→ +∞
→ +∞
•Overview of the Proposed Method
×
×
Fig. 2.Overviewof the generalencoding method.
person could embed a message by using a data hiding key Kw, without knowing Ke. After this process, we obtain a marked encrypted image Iew , which has exactly the same size as the original image.
•Prediction Error Detection: In this method, since we propose to embed the secret message by MSBsubstitution, the original MSB values are lost after the data hiding step. It is important, during the decoding phase, to be able to predict them without any errors. Indeed, in order to reconstruct the original image, we propose to use the previous pixels to predict the current pixel value. So, the first step consists of analyzing the original image content to detect all the possible prediction errors:
•≤
≤
≤=
≤=
+
+
•From the previously scanned neighbors of p(i, j ), com- pute the value pred(i, j ) which is considered as a pre- dictor during the decoding step.
•Calculate the absolute difference between pred(i, j ) and p(i, j ) and between pred(i, j ) and inv(i, j ). Record the results as O and Oinv , so that:
Fig.3.Encryption step.
Note that since the encryption phase is fully reversible without overflow, it is then possible to recover the clear image without any alteration. Moreover, we also observe that even if we use a chaotic generator in our method, it is quite possible to generate a pseudo-random sequence with a cryptographically secure pseudo-random number generator (CSPRNG), or for example to use the AES algorithm in OFB mode. The only requirement is to use a stream cipher during the encryption phase.
3) Data Embedding: In the data embedding phase, it is possible to embed data in the encrypted image without know- ing either the encryption key Ke used during thepreviousstep or the original content of the image. By using the data hiding key Kw, the to-be-inserted message is first encrypted in order to prevent its detection after embedding in the marked encryptedimage.Next,pixelsoftheencryptedimageare
scanned from left to right, then from top to bottom (scan line
O
O
v = | pred(i, j ) − inv(i, j )| .
v = | pred(i, j ) − inv(i, j )| .
(1)
one bit bk , with 0 ≤ k < m × n, of the secret message:one bit bk , with 0 ≤ k < m × n, of the secret message:•Compare the values of O and Oinv . If O < Oinv , there is no prediction error because the original value of p(i, j ) is
pew
(i, j ) = bk × 128 + ( pe(i, j ) mod 128).(3)closer to its predictor than the inverse value. Otherwise, there is an error and we store this information into an error location binary map (note that using overhead such an additional map is not necessary for our proposed method), as illustrated in Fig. 2.==pe(i, j ) = s(i, j ) ⊕ p(i, j ).(2)
Note thatonlythe firstpixel cannot be marked becauseits value is not predictable, thus its value must not bechanged.4)Data Extraction and Image Recovery:Forthe decodingphase, since our method is separable, we can extract the secret message and reconstruct the clear image I˜ separately.I˜ maybeexactlyliketheoriginalimageI itselforaprocessed imageI jvery similartothe original image, depending upon which approach is used. There are three possible outcomes:•the recipient has only thedata hiding keyKw,•the recipient has only the encryption key Ke,•the recipient has both keys.An overview of the decoding method is presented in Fig. 4. If the recipient only has Kw, the pixels from the marked encrypted image are scanned in the scan line order and theFig. 4. Overview of the decoding method.MSB of each pixel are extracted in order to retrieve the encrypted secret message:≤×≤×Then, by using the data hiding key Kw, the correspondingplaintext can be obtained.In thesecondscenario,iftherecipientonlyhasKe,the image I˜ can be reconstructed, before the data hiding andthe encryption steps, by proceeding as follows:•The encryption key Ke is used to generate the sequence×וThe pixels of the marked encrypted image are scanned in the scan line order, and for each pixel, the seven LSB are retrieved by XORing the marked encrypted value pew(i, j ) with the associated binary sequence s(i, j ) inthe pseudo-random stream:•
Used Predictor: As explained intheSectionIII-A.1, we proposed to usethe previous pixels topredict the valueof the current pixel. For this approach (except for the first row and the first column) we consider the average of the left and the top pixels as a predictor pred(i, j ) for example:==Indeed, using the average value as apredictor mitigatesthe to-be-performed pixel modification when there is an error, especially when there is a high difference between the current pixel value and one of its neighboring values.•Image Pre-Processing: After the prediction error detec- tion phase, we propose to pre-process the original image I in order to obtain an image I j without any prediction errors. Foreach problematic pixel, we observe the amplitude of the error and we compute the value of the minimal pixel modification necessary to avoid this error. Eq. (9) shows the provision necessary to have no prediction errors during the decoding phase:| pred(i, j ) − p(i, j )| < 64.(9)The detailed pre-processing algorithm to correct all the prediction errors is presented in Algorithm 1.Algorithm 1 Pre-Processing AlgorithmRequire: Original m × n image I←+←+p˜(i, j ) = s(i, j ) ⊕ pew(i, j ),(5)
for i ← 0 to m do for j ← 0 to n do⊕⊕•The MSB value is predicted:•With the values of the previously decrypted adjacentpixels, the value of the predictor pred(i, j ) is computed.•The pixel value is considered with MSB = 0 and with MSB = 1 and the differences between each
inv(i, j )( p(i, j )128) mod 256;====special processing;else←←end if← |−|← |−|of these two values and pred(i, j ) are calculated.These values are recorded as O0 and O1:….(6)(6)⎩ O1 = . pred(i, j ) − p˜(i, j )MS B=1. .⎩ O1 = . pred(i, j ) − p˜(i, j )MS B=1. .
Ovpred(i, j )inv(i, j ) ;≥≥if p(i, j)< 128 then←−←−pj(i, j )pred(i, j )63;elsepj(i, j )pred(i, j )63;else•The smallest value between O0.=.=
and O1
gives the
pj(i, j )pred(i, j )63;←+←+←←p˜(i, j )
p˜(i, j )MSB=0, if O0 < O1,p˜(i, j )MSB=1, else.
(7)
pj(i, j )p(i, j );end if end for•CPE-HCRDH ApproachIn the CPE-HCRDH approach (high-capacity reversible data hiding approach with correction of prediction errors), as shown in Fig. 5, we first pre-process the original image to avoid all the prediction errors in order to be able to reconstruct the image during the decoding step. After this process, we can encrypt the pre-processed image without any problems. During the embedding phase, all the pixels of the encrypted image are marked with one bit of the message. Using this approach, we have a maximal payload, equal to 1 bpp.
end forFor example, if we have p(i, j ) = 50, p(i − 1, j ) = 78 andp(i, j − 1) = 154, then:inv(i, j ) = (50 + 128) mod 256 = 178,22We compute O and Oinv :O = |116 − 50| = 66, Oinv = |116 − 178| = 62.Fig. 5.CPE-HCRDH approachencoding phase.Fig. 6.EPE-HCRDH approachencoding phase.≥≥pred(i, j ) − p(i, j)< p(i, j ) + 128 − pred(i, j ).By developing this expression, we obtain:p(i, j)> pred(i, j ) − 64.
The modification of p(i, j ) which minimizes distortion is also:
pj(i, j ) = pred(i, j ) − 63 = 116 − 63 = 53.
Afterthisphase, thepre-processing imageI jisencrypted accordingtoEq.(2).Then,weperformthedatahidingby embeddingonebitofthesecretmessageineachpixelof
theencryptedimageIejbyMSBsubstitution,byfollowing Eq. (3). We then obtain the marked encrypted image Iejwwith
a maximum payload of 1 bpp.
3) Data Extraction and Image Recovery:During the decod- ing phase, to extract the secret message, the marked encrypted imageIejw isscannedandtheMSBofeachpixelissim-
ply extracted by using Eq. (4). On the other hand, the pre-processedimage I j canbereconstructedwithoutany alteration.WefirstdecryptthemarkedencryptedimageIejw toobtainthesevenlesssignificantbits(Eq.(5))and,then,
we predict the MSB value, according to Eq. (6) and Eq. (7). The reconstructed image is very similar to the original one.
•EPE-HCRDH Approach
In the EPE-HCRDH approach (high-capacity reversible data hiding approach with embedded prediction errors), the main goal is to exactly reconstruct the original image. In this case, the payload could decrease a little because of the storage of the error location information. In order to highlight the prediction errors, we adapt the to-be-inserted information according to the error location binary map, built during the prediction error
detection phase. Then, the original image is encrypted and immediately after, the error location information is embedded in the encrypted image. During the data hiding step, we can only hide bits of the secret message in the available pixels. At the end of the decoding step, with the help of the location error information, the original image can be reconstructed without any visible alteration, which is indicated by a PSNR which tends to . A global scheme of thisapproach is presented in Fig. 6.
•−
−
−
−
+∞
+∞
If| p(i − 1, j ) − p(i, j )| < | p(i, j − 1) − p(i, j )| ,then,pred(i, j ) = p(i − 1, j ),(10)else,pred(i, j ) = p(i, j − 1).In some cases, the other value can be chosen as a predictor for the inverse pixel value inv(i, j ) during the prediction error detection phase, but the result will remain the same. Note that it is also possible to use the average value of the left and the top pixels as a predictor, like in the CPE-HCRDH approach, but experimentally, we note that results are slightly less good.•Embedding of the Error Location Information: During prediction error detection, the location of the prediction errors is stored in the error location binary map, as explained in Section III-A.1. Then, the original image I is encrypted by using Eq. (2). Before the embedding step, the encryptedimage Ie is adapted to avoid prediction errors. The encrypted image Ie is then divided into blocks of eight pixels and scanned, block by block, in the scan lineorder. If atleastone prediction error is identified in a block according to the error location binary map, the current block issurroundedbyFig. 7. Prediction error highlighting.2828Then,theencryptedimageIejisobtained,wherethepre-dictionerrorsarehighlighted.Usingthistechnique, duringthe data hiding phase, the person who wants to mark the image can extract the MSB value of each pixel and use the error location information to detect where it is possible to embed bits of the secret message (i.e. in all the blocks where there is no prediction error and which do not serve as flags). All the available pixels are then marked to obtain the marked encrypted image Iew , by using Eq. (3).•Data Extraction and Image Recovery: During the decod- ing step, the secret message can be extracted by following these steps:•The pixels of the marked-encrypted image Iew arescannedinthescan line orderandfor each pixel, the MSB value is extracted, according to Eq. (4), and stored. We assume that before the first sequence of eight MSB equal to 1, the extracted values are bits of the embedded message.•When such a sequence is encountered, it indicates the beginning of an error sequence. Since the next pixels are not marked during the data hiding step, pixels are scanned until the next sequence where eight MSB are equal to 1, which indicates the end of the error sequence.•This process is repeated until the end of the image. Conversely, as this method is fully reversible, the original imageIcan beperfectly reconstructed. Firstly, themarkedencrypted imageIewisdecrypted torecover theseven LSB
Fig. 8. Original image I from the BOWS-2 database [1].of each pixel, by using Eq. (5). Then, the MSB values of the pixels are predicted with Eq. (6) and Eq. (7).•EXPERIMENTAL RESULTSIn this section, we present the results we obtained by applying our method with the CPE-HCRDH approach (high- capacity reversible data hiding approach with correction of prediction errors) and the EPE-HCRDH approach (high- capacity reversible data hiding approach with embedded prediction errors). SectionIV-Agivesafullexamplefor the two approaches and shows the obtainedresultson10,000imagesfrom the BOWS-2 database [1]. Then, in Section IV-B, we perform a statistical analysis in order to test the visual security of our method. Finally, in Section IV-C, we compare our two approaches with related methods and discuss its efficiency.For data hiding in encrypted images, we have to measure different performances which are the number of incorrect extracted bits, the payload (i.e. embedding rate) and the recon- structed image quality after data extraction. We are interested to discover the best trade-off between all these parameters.The payload is expressed in bit per pixel (bpp) and is expected to be as large as possible in order to conceal the max- imum amount of information. To evaluate the reconstructed image quality in comparison to theoriginalone,weusetwo metrics with full reference which are peak-signal-to-noise ratio (PSNR) and structural similarity (SSIM).•A Detailed Example for the Two Proposed Approaches××====and Fig. 10.a, in white, we can see the location of all the pixels with prediction errors. We can observe that, in thesetwo approaches, we have neither the same prediction errors, nor the same number of errors, because we do not use the same predictor, as explained in Section III-B.1 and Section III-C.1. But globally they are in the same order of magnitude.In the CPE-HCRDH approach (Fig. 9.a), they are pixels of the original image whose the MSB would be badly predicted if we do not adapt their values during the pre-processing phase. In the EPE-HCRDH approach (Fig. 10.a), they indicate all the pixels which will not be marked. Indeed, in addition, in grey==b)Histogramoftheestimatedpredictionerrors,c)Pre-processedimageI j,PSNR = 46.87 dB, d) Encrypted imageIej , e) Marked encrypted imageIejw ,f) ReconstructedimageI j, PSNR = 46.87 dB, SSIM = 0.9997.we show the pixels which are not used to embed bits of the secret message because they serve as flags or are part of an error sequence. Note that the prediction errors areoftenon the edges and there are sometimes more than one error in the same block and, in these cases, the loss in terms of embedding capacity decreases. The histogram in Fig. 9.b illustrates the distribution of the prediction errors when the CPE-HCRDH approach is used and then shows the necessary modifications of the pixel values to avoid all the prediction errors and Fig. 9.c represents the pre-processed image based onAlgorithm1. We can observe that the pre-processed image is verysimilar tothe original one, which isindicated byaPSNRequalto46.87 dB and a SSIM of0.9997. InFig.9.d,wecansee the encrypted pre-processed image by using the encryption key. Fig. 10.b is the encrypted image in the EPE-HCRDH approach and Fig. 10.c corresponds to this image when the highlighted prediction errors are embedded. The contentof the original image and theerrorlocationinformationarenot visible anymore. Fig. 9.e and Fig. 10.d are the marked encrypted images, obtained in the final step of the encoding. For the CPE-HCRDH approach, each pixel of the encrypted pre-processed image is used to conceal one bit of the secret message (payload = 1 bpp). For the EPE-HCRDH approach, we mark the pixels according to the error location information andeveniftheembedding rateissmaller,itisquite high
Fig. 10. Illustration of our EPE-HCRDH approach: a) Unmarked pixels’ location (errors and flags), number of errors 1, 225 (0.46%), b) Encrypted image Ie , c) Encrypted image Ie with the highlighted prediction errors,•j=j=•Reconstructed image I , PSNR → +∞, SSIM = 1.+∞+∞and a SSIM equal to 1 (Fig. 10.e). Note that the secret message is always extracted without error in both approaches.××+∞+∞TABLE IPP
varianceofx(V (x)= 1 ΣS|xk − E(x)|2) and S is theSSk=1k=1ON THE BOWS-2 DATABASE (10,000 IMAGES) [1]
size of the considered sample.•Shannon entropy:ΣΣH(I) = −P(αl ) log2(P(αl )),(12)l=0≤≤×וχ 2 test:
255Σ .Σ .
P(α )1−l−lΣΣ22
.(13)•Σm−1 Σn−1 d(i, j )Σm−1 Σn−1 d(i, j )N PC R =
i=0
j =0m × n
× 100,(14).=( , ) =.=( , ) =di j1, if p(i, j )pj(i, j ),0, otherwise.•Unified averaged changed intensity (UACI):
(15)Fig. 11. Payload measurements, for the EPE-HCRDH approach, on a sample of 500 images from the BOWS-2 database [1].
U AC I100==
m−1 n−1p(i, j )pj(i, j )Σ Σ ..−Σ Σ ..−i=0 j =0which indicates a very good image quality. Concerning the•
Peak-signal-to-noise ratio (PSNR):..+∞+∞m×nm×ni=0i=0j =0j =0theimages,thePSNRtends then toand the SSIM is equal to 1. Even if all the pixels are not marked becausetheimages,thePSNRtends then toand the SSIM is equal to 1. Even if all the pixels are not marked because
PSN R = 10 · log10
1 Σm−1 Σn−1( p(i, j ) − pj(i, j ))2(17)(17)there are some MSB prediction errors (in particular in the worst case), the payload remains high andontheaverage, we have a payload of 0.9681 bpp; in92.19%, itislarger than 0.9 bpp.In order to better visualize the distribution of the different image payloads, in Fig. 11, we randomly selected 500 images among the 10,000 tested images [1] and applied our EPE-HCRDH approach.•Statistical Analysis of Our Proposed MethodWe perform a statistical analysisofourtwoapproaches, in order to verifythattheyachieveahighvisualsecu-rity level. Weusedifferentstatisticalmetrics:horizontal and vertical correlation coefficients, Shannon entropy,χ 2 test, number of changing pixel rate (NPCR), unifiedaver- aged changed intensity (UACI) and PSNR between the original image and the encrypted or markedencrypted images.•Horizontal and vertical correlation coefficients:
As we can see in Fig. 12, the correlation between horizontal pixels in the original image is very high (Fig.12.a) while there is no correlation between adjacent pixels in the marked encrypted images (Fig. 12.c and Fig. 12.g) and the encrypted image with the highlighted PEs (Fig. 12.e). Moreover, the his- togram of the marked encrypted image obtained with our CPE-HCRDH approach (Fig. 12.d) and the histograms of the encrypted image with the highlightedPEs(Fig.12.f)and the marked encrypted image (Fig. 12.h) obtained with our EPE-HCRDH approach are uniformly distributed in compar- ison with the original image (Fig. 12.b). It is not possible to exploit them to obtain information about the original content of the image. Indeed, our image encryption scheme allows us to make pseudo-random dependence of the statistical properties between the encrypted images and the originalimageand this characteristic is conserved after the insertion of the secret message or of the error location information, as presented in the Table II. In the original image (Fig. 8), there is a high correlationbetweenadjacentpixels,asindicatedby valuesclose to one (0.9388 and 0.9436). In the encrypted or markedcorrp,pN
= E {| p − E( p)|| pN − E( pN )|} ,(11)
encrypted images, these values are low and close to zero, which means that there is no correlation between the pixel√V ( p)V ( pN )√V ( p)V ( pN )pixel when the horizontal correlation is computed and the top pixel when thevertical correlation is computed),E(x) isthe
values. Moreover, we can seethat the value of the entropyis very high for the encrypted or marked encrypted images(∼7.9995bpp)andclose to themaximalvalue,whichSSk=1k=1
indicates that the grey-level distribution tends to be uniform.Fig. 12.Statisticalrepresentations(correlationand histogram) for the original,encrypted and marked encryptedimages obtainedwith our two approaches.a) Horizontal correlation in the original image (Fig. 8). b) Histogram of the original image (Fig. 8). c) Horizontal correlation in the marked encrypted image, with the CPE-HCRDH approach (Fig. 9.e). d) Histogram of the marked encrypted image, with the CPE-HCRDH approach (Fig. 9.e). e) Horizontal correlation in the encrypted image with the highlighted PEs, with theEPE-HCRDH approach(Fig. 10.c).f) Histogramofthe encryptedimage withthe highlighted PEs, with the EPE-HCRDH approach (Fig. 10.c). g) Horizontal correlation in the marked encrypted image, with the EPE-HCRDH approach (Fig. 10.d).h) Histogram of the marked encrypted image, with the EPE-HCRDH approach (Fig. 10.d).TABLE IIQUALITY EVALUATION OF THE OBTAINED IMAGES WITH OUR TWO APPROACHES∼∼∼∼∼∼•Comparisons With Related Methods and DiscussionWe made several comparisons, in terms of embedding rate and reconstructed image quality, between our two proposed
approaches and eight state-of-the-art methods: very recent methods proposed by Zhang et al. [32] and Cao et al.[2] (Fig. 13.a–d) and other methods proposed by Zhang [30], Hong et al. [6], Zhang [31], Ma et al. [12], Zhang et al. [29] and Wu and Sun [27] (Fig. 13.a–b).To do this, we used the well known images of Lena, Airplane, Man and Crowd. First of all, we can see that our approaches allow us to have a larger payload than theothers in all cases. In fact, the maximal payload value for the state- of-the-art methods, obtained by Cao et al. is 0.95 bpp. With our CPE-HCRDH approach, we can embed 1 bpp and with the EPE-HCRDH one, we achieve results very close to this high value. In fact, since we do not need to use overhead for our two approaches, in the EPE-HCRDH approach, we have to decrease the payload and the costis0.0359bppforLena, 0.0111 bpp for Airplane, 0.0212 bpp for Man and 0.0145 bpp for Crowd. When we examine the reconstructed image quality, our EPE-HCRDH approach is the only schemereconstructed. Note that even if in the proposed method the hidden message can be used for several applications for authentication and data enrichment, it can been also used asan alternative of ECC (Error Correcting Code) for integrity check for example.Fig. 13. Performance comparisons between our proposed approaches and similar state-of-the-art methods for four test images. a) Test image: Lena.b) Test image: Airplane. c) Test image: Man. d) Test image: Crowd.→ +∞→ +∞In conclusion, in addition to being error-free during data extraction, our method, whatever the adopted approach, allows us to have a very good trade-off between the embedding rate and the recovered image quality after data extraction, by using only the encryption key. Fromthesecuritypointofview, the statistical analysis shows that there is no information about the content of the original image in the encrypted or marked encrypted version. Moreover, if a small part of the secret mes- sage is modified by an attacker, as this message is encrypted, it cannot be decrypted and thus exploited for authentication. Moreover, in the EPE-HCRDH approach, if the message is modified or removed, then the clear image could not be•
CONCLUSION==→ +∞→ +∞allow us to improve the embedding capacity.REFERENCES•P. Bas and T. Furon. Image Database of BOWS-2. Accessed:Jun. 20, 2017. [Online]. Available: http://bows2.ec-lille.fr/•X. Cao, L. Du, X. Wei, D. Meng, and X. Guo, “Highcapacityreversible data hiding in encrypted images by patch-level sparse rep- resentation,” IEEE Trans. Cybern., vol. 46,no.5,pp.1132–1143, May 2016.•T.-H. Chen and K.-H. Tsao, “User-friendly random-grid-based visual secret sharing,” IEEE Trans. Circuits Syst.VideoTechnol.,vol.21,no. 11, pp. 1693–1703, Nov. 2011.•Z. Erkin et al., “Protection and retrieval of encrypted multimedia content: When cryptography meets signal processing,” EURASIP J. Inf. Secur., vol. 2007, pp. 17:1–17:20, Jan. 2007.•X. Gao, L. An, Y. Yuan, D. Tao, and X. Li, “Lossless data embedding using generalized statistical quantity histogram,” IEEE Trans. Circuits Syst. Video Technol., vol. 21, no. 8, pp. 1061–1070, Aug. 2011.•W. Hong, T.-S. Chen, and H.-Y. Wu, “An improved reversible data hiding in encrypted images using side match,” IEEE Signal Process. Lett., vol. 19, no. 4, pp. 199–202, Apr. 2012.•C. Y. Hsu, C. S. Lu, and S. C. Pei, “Image feature extraction in encrypted domain with privacy-preserving SIFT,” IEEE Trans. Image Process., vol. 21, no. 11, pp. 4593–4607, Nov. 2012.•V. Itier and W. Puech, “How to recompress a JPEG crypto-compressed image?” Electron. Imag., Media Watermarking, Security, Forensics,vol. 2017, no. 7, pp. 36–43, 2017.•P. Korshunov and T. Ebrahimi, “Scrambling-based tool for secure protection of JPEG images,” in Proc. 21st IEEE Int. Conf. Image Process. (ICIP), Oct. 2014, pp. 3423–3425.•S. Li, G. Chen, and X. Mou, “On the dynamical degradation of digital piecewise linear chaotic maps,” Int. J. Bifurcation Chaos, vol. 15, no. 10, pp. 3119–3151, 2005.•W. Lu, A. Swaminathan, A. L. Varna, and M. Wu, “Enabling searchoverencryptedmultimediadatabases,”Proc. SPIE, vol. 7254,Feb. 2009•K. Ma, W. Zhang, X. Zhao, N. Yu, and F. Li, “Reversible data hiding in encrypted images by reserving room before encryption,”IEEE Trans. Inf.ForensicsSecurity,vol.8,no.3,pp.553–562,Mar. 2013.•K. Minemura, Z. Moayed, K. Wong, X. Qi, and K. Tanaka, “JPEG image scrambling without expansion in bitstream size,” in Proc. 19th IEEE Int. Conf. Image Process. (ICIP), Sep./Oct. 2012, pp. 261–264.•M. Naor and A. Shamir, “Visual cryptography,” in Proc. Workshop Theory Appl. Cryptogr. Techn., 1994, pp. 1–12.•Z. Ni, Y.-Q. Shi, N. Ansari, and W.Su,“Reversibledatahiding,” IEEE Trans. Circuits Syst. Video Technol., vol. 16, no. 3, pp. 354–362, Mar. 2006.•B. Ou, X. Li, Y. Zhao, R. Ni, andY.-Q.Shi,“Pairwiseprediction- error expansion for efficient reversible data hiding,” IEEE Trans. Image Process., vol. 22, no. 12, pp. 5010–5021, Dec. 2013.•W. Puech, M. Chaumont, and O. Strauss, “Areversibledata hidingmethodforencryptedimages,”Proc. SPIE, vol. 6819, Mar. 2008.•W. Puech and J. M. Rodrigues, “Crypto-compression of medical images by selective encryption of DCT,” in Proc. 13th Eur. Signal Process. Conf. (EUSIPCO), Sep. 2005, pp. 1–4.•P. Puteaux, D. Trinel, and W. Puech, “High-capacity data hiding in encrypted images using MSB prediction,” in Proc. 6th IEEE Int. Conf. Image Process. Theory Tools Appl. (IPTA), Dec. 2016, pp. 1–6.•Z. Qian and X. Zhang, “Reversible data hiding in encrypted images with distributed source encoding,” IEEE Trans. Circuits Syst. Video Technol., vol. 26, no. 4, pp. 636–646, Apr. 2016.•V. Sachnev, H. J.Kim,J.Nam,S.Suresh,andY. Q. Shi, “Reversible watermarking algorithm using sorting and prediction,” IEEE Trans. Circuits Syst.VideoTechnol.,vol.19,no.7,pp.989–999, Jul. 2009.•W.-L. Tai, C.-M. Yeh, and C.-C. Chang, “Reversible data hiding based on histogram modification of pixel differences,” IEEE Trans. Circuits Syst. Video Technol., vol. 19, no. 6, pp. 906–910, Jun. 2009.•J. Tian, “Reversible watermarking by difference expansion,” in Proc. Workshop Multimedia Secur., vol. 19. 2002, pp. 1–4.•
J. Tian, “Reversible data embedding using a difference expansion,” IEEE Trans. Circuits Syst. Video Technol., vol. 13, no. 8, pp. 890–896, Aug. 2003.•W. Trappe and L. C. Washington, Introduction to Cryptography With Coding Theory. Bengaluru, India: Pearson Education, 2006.•M. Van Droogenbroeck and R. Benedett, “Techniques for a selective encryption of uncompressed and compressed images,” in Proc. Adv. Concepts Intell. Vis. Syst. (ACIVS), Ghent, Belgium, 2002, pp. 90–97.•X. Wu and W. Sun, “High-capacity reversible data hiding in encrypted images by prediction error,” Signal Process., vol. 104, pp. 387–400, Nov. 2014.•D. Xu and R. Wang, “Separable and error-free reversible data hiding in encrypted images,” Signal Process., vol. 123, pp. 9–21, Jun. 2016.•W. Zhang, K. Ma, and N. Yu, “Reversibility improved data hiding in encrypted images,” Signal Process., vol. 94, pp. 118–127, Jan. 2014.•X. Zhang, “Reversible data hiding in encrypted image,” IEEE Signal Process. Lett., vol. 18, no. 4, pp. 255–258, Apr. 2011.•X. Zhang, “Separable reversible data hidinginencryptedimage,” IEEE Trans. Inf.ForensicsSecurity,vol.7,no.2,pp.826–832,Apr. 2012.•X. Zhang, J. Long, Z. Wang, and H. Cheng, “Lossless and reversible data hiding in encrypted images with public-key cryptography,” IEEE Trans. Circuits Syst. Video Technol., vol. 26, no. 9, pp. 1622–1631, Sep. 2016.•J. Zhou, W. Sun, L. Dong, X. Liu, O. C. Au, and Y. Y. Tang, “Secure reversible image data hiding over encrypted domain via key modulation,” IEEE Trans. Circuits Syst. Video Technol., vol. 26, no. 3, pp. 441–452, Mar. 2016.Pauline Puteaux received the M.S. degree in computer science and applied mathematics, with specialization in cybersecurity from the University of Grenoble, France, in 2017. She is currently pursuingthePh.D.degreewiththeLaboratory of Informatics, Robotics and Microelectronics of Montpellier, France. Her research interests include multimedia security, image analysis and processing in the encrypted domain.William Puech received the diplomaofElectri- cal Engineering from the Univ. Montpellier, France (1991) and a Ph.D. Degree in Signal-Image-Speech from the Polytechnic National Institute of Greno- ble, France (1997) with research activities in image processing and computer vision. He served as a Visiting Research Associate to the University of Thessaloniki, Greece. From 1997 to 2008, he has been an Associate Professor at the Univ. Montpellier, France. Since 2009, he is full Professor in image processing at the Univ. Montpellier, France. Hiscurrent interests are in the areas of image forensics and security for safe transfer, storage and visualization by combining data hiding, compressionand cryptography. He is the head of the ICAR team (Image & Interaction) in the LIRMM, has published more than 40 journal papers and 120 conference papers and is associate editor for 5 journals (JASP, SPIC, SP, JVCIR andIEEE TDSC) in the areas of image forensics and security. Since 2017 he is the general chair of the IEEE Signal Processing French Chapter and since 2018 he is a member of the IEEE Information Forensics and Security TC.
Reviews
There are no reviews yet.