Abstract: This paper surveys fragile watermarking schemes for image authentication proposed in recent times. Limited embedding capacity and the extent of tampering are among the important issues that drive research in this area. We therefore present the gist of the components of fragile watermarking schemes in just enough detail for the reader to gain a fair idea of the issues, the techniques generally adopted to address them, and a comparison of results. The general framework of a fragile watermarking system, the different categories of attacks, and the parameters used to evaluate the schemes are presented in this survey. The comparative analysis and quantitative comparison of basic schemes and their improved variations will help researchers quickly review recent developments in this area.
Index Terms — Fragile watermarking, Image Security, Image Authentication, Survey.
1. INTRODUCTION
With the advent of the internet and digital technologies, acquiring images and sharing them across continents has become extremely easy and fast. At the same time, with the development of image processing tools such as Photoshop, it has become even easier to imperceptibly manipulate the contents of an image to one's convenience in a short time. This creates, among other challenges such as copyright claims, a need for image authentication techniques that not only check the integrity of an image but also localize the tampered areas and recover them to a satisfactory perceptual level.
Digital watermarking is a technique that attempts to solve this problem of image authentication. It involves inserting certain data called a watermark, either derived from the content of the image or otherwise, imperceptibly into the image without severely affecting its perceptual quality. The requirement of fragile digital watermarking is that any modification to the contents of the image should also affect the watermark. At the receiver's end, if the watermark computed from the image matches the one extracted from it, the image is deemed authentic; otherwise it is assumed to be tampered. One of the crucial stages of a fragile watermarking system is tamper localisation. In schemes that attempt to recover the tampered regions, the accuracy of tamper localisation also contributes to the quality of the recovered image. Watermarking techniques that accommodate innocuous image processing operations such as resizing, compression, etc. are termed semi-fragile watermarking systems.
There is a great deal of literature available on digital watermarking for image authentication, and the reader may refer to the earlier related surveys if necessary. We aim to present the part of the literature concerned with fragile watermarking systems in just enough detail to give an idea of the main components of each scheme reviewed and to arouse interest in referring to the actual article.
2. PROPERTIES OF FRAGILE WATERMARKING SCHEMES:
The following are a few fundamental properties required of fragile watermarking schemes.
Tamper detection and localisation
The scheme should be able to detect, with high probability, whether the image has been tampered with, even if the modification is very insignificant. It should also be able to accurately localise the tampered regions. This directly contributes to the quality of the recovered image in case the scheme also has an image recovery module.
Perceptual transparency
This refers to the similarity between the watermarked image and the original image. If the adversary could identify the existence of the watermark, the security of the image is under threat. Though not a perfect metric, PSNR is a widely used and accepted measure of perceptual transparency.
Computational cost
The computational cost is generally measured in terms of the execution time of watermark embedding, watermark detection, localisation of the tampered regions and recovery of the tampered regions.
Blind or informed detection: Blind watermark detection involves detecting the watermark without the help of any reference image, whereas informed detection uses a reference image for watermark detection. Blind detection is more relevant to many applications.
3. STATE OF THE ART
We aim to review some important fragile watermarking schemes, follow up with schemes that improved them, and compare the results briefly. We do not intend to give an exhaustive overview of fragile watermarking schemes, but rather choose representative ones that had a novel idea, along with a few worthy improvements made to them. In most of the schemes the generated watermark bits were dependent on the block content of the image. In a few schemes, especially the ones that did not have a tampered-image recovery module, the watermark was independent of the block content of the image.
In this section we describe the general framework of fragile watermarking schemes. The framework includes watermark generation, its embedding at the sender's end and extraction at the receiver's end, tamper detection and localisation, and finally the recovery of the tampered regions. The security of the watermark may further require private key generation and encryption. The generation and embedding of the watermark may be done in the spatial or a transformed domain of the image, or each in a different domain.
The generation of the watermark is crucial in fragile watermarking schemes. The length of the watermark has a direct effect on the quality of the watermarked image: the larger the payload, the lower the PSNR of the watermarked image. If tamper detection and localisation alone are the aim, the payload can be small; a tampered-region recovery module will certainly need more information to be embedded than authentication alone. The following are widely used types of watermarks.
Random binary sequence: Fragile watermarking schemes concerned with tamper detection alone can possibly make use of a random binary sequence. A random sequence with a specific density function, such as the standard normal distribution, may be generated using a seed value, or with the help of the chaotic sequence of a chaotic map and a threshold.
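A minimal sketch of the chaotic-sequence approach, using the logistic map and a fixed threshold (the function name, map parameters, and threshold here are illustrative assumptions, not taken from any specific scheme):

```python
import numpy as np

def logistic_watermark(length, x0=0.7, mu=3.99, threshold=0.5):
    """Generate a binary watermark from a logistic-map chaotic sequence.

    The logistic map x_{n+1} = mu * x_n * (1 - x_n) is iterated from the
    secret seed x0; each value is thresholded to produce one watermark bit.
    """
    bits = np.empty(length, dtype=np.uint8)
    x = x0
    for i in range(length):
        x = mu * x * (1.0 - x)
        bits[i] = 1 if x > threshold else 0
    return bits

wm = logistic_watermark(16, x0=0.7)
```

Because the chaotic map is extremely sensitive to the seed, the seed value acts as a secret key: the receiver can regenerate exactly the same bit sequence, while an attacker without the seed cannot.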
Combination of authentication and restoration bits: Fragile watermarking schemes concerned with both tamper localisation and recovery will have both authentication bits and restoration bits in the watermark. Generally the number of restoration bits is larger than the number of authentication bits. The restoration bits can be the block average intensity, a VQ index, quantized DCT coefficients, etc.
4. METRICS FOR WATERMARKED AND RECOVERED IMAGES:
The following are the most widely used metrics for evaluating the perceptual quality of the watermarked and recovered images against the original and watermarked images respectively.
Peak Signal to Noise Ratio (PSNR): Though not always a suitable measure, PSNR is a widely used and accepted measure of the fidelity of a watermarking method, comparing the watermarked and reconstructed images against their references. It is calculated by the following expression.
PSNR = 10 log10 (255^2 / MSE)

where MSE = (1/(m × n)) Σ_{i=1}^{m} Σ_{j=1}^{n} (I(i, j) − I′(i, j))^2, and I and I′ are the two images being compared.
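The expression above translates directly into code; the following sketch (function name ours) also shows the single-pixel-change sensitivity of the metric:

```python
import numpy as np

def psnr(original, distorted):
    """PSNR in dB between two equal-sized 8-bit grayscale images."""
    original = original.astype(np.float64)
    distorted = distorted.astype(np.float64)
    mse = np.mean((original - distorted) ** 2)
    if mse == 0:
        return float("inf")  # identical images
    return 10.0 * np.log10(255.0 ** 2 / mse)

img = np.full((64, 64), 100, dtype=np.uint8)
noisy = img.copy()
noisy[0, 0] = 108  # single pixel changed by 8 grey levels
# MSE = 64/4096; PSNR = 10*log10(255^2 * 4096/64) ≈ 66.2 dB
```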
Normalized correlation coefficient (NC): Normalized correlation coefficient is a measure of similarity between two signals. It is calculated using the following expression.
NC = (Σ_i Σ_j W_ij W′_ij) / (m × n)

where W_ij and W′_ij are the watermark values at position (i, j): each value in the double summation is set to +1 if the corresponding watermark bit is 1 and to −1 otherwise, and m and n are the dimensions of the watermark.
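A short sketch of the NC computation with the ±1 mapping described above (function name ours):

```python
import numpy as np

def normalized_correlation(w, w_prime):
    """NC between two binary watermarks; bits are mapped 0 -> -1, 1 -> +1."""
    s = np.where(w == 1, 1, -1)
    s_prime = np.where(w_prime == 1, 1, -1)
    m, n = w.shape
    return np.sum(s * s_prime) / (m * n)

w = np.random.randint(0, 2, (8, 8))
nc_same = normalized_correlation(w, w)      # identical watermarks -> 1.0
nc_flip = normalized_correlation(w, 1 - w)  # complemented watermark -> -1.0
```

With the ±1 mapping, NC ranges from −1 (every bit flipped) to +1 (perfect match), and uncorrelated watermarks give values near 0.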
5. METRICS FOR EVALUATING TAMPER DETECTION:
The following are some of the widely used and accepted metrics for evaluating the tamper detection performance.
Probability of False Acceptance (PFA): It is the probability of classifying a block as authentic when it is actually a tampered block. It is calculated using the following expression.

PFA = 1 − N_td / N_t
Probability of False Rejection (PFR): It is the probability of classifying a block as tampered when it is actually an authentic block. It is calculated using the following expression.

PFR = 1 − N_ad / (N − N_t)
Probability of False Detection (PFD): It is the overall probability of misclassifying a block, obtained as a weighted combination of PFA and PFR.

PFD = (N_t / N) × PFA + (1 − N_t / N) × PFR
where N is the total number of blocks, N_t is the number of actually tampered blocks, N_td is the number of tampered blocks correctly detected, and N_ad is the number of authentic blocks correctly classified as authentic. It may be noted that the lower the PFA and PFR, the better the tamper detection performance.
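A worked example of the three metrics on hypothetical block counts (the numbers are illustrative only):

```python
def tamper_metrics(N, N_t, N_td, N_ad):
    """PFA, PFR and PFD from block counts.

    N    -- total number of blocks
    N_t  -- number of actually tampered blocks
    N_td -- tampered blocks correctly detected
    N_ad -- authentic blocks correctly classified as authentic
    """
    pfa = 1.0 - N_td / N_t
    pfr = 1.0 - N_ad / (N - N_t)
    pfd = (N_t / N) * pfa + (1.0 - N_t / N) * pfr
    return pfa, pfr, pfd

# 1000 blocks, 200 tampered; 190 of them detected, and 780 of the
# 800 authentic blocks classified as authentic.
pfa, pfr, pfd = tamper_metrics(1000, 200, 190, 780)
# pfa = 0.05, pfr = 0.025, pfd = 0.2*0.05 + 0.8*0.025 = 0.03
```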
6. ATTACKS ON FRAGILE WATERMARKS:
General tampering attacks
General tampering attacks include copy-paste attack, deletion attack, drawing tampering attack.
Vector Quantization (VQ) attacks
The VQ attack was proposed by Holliman and Memon. A representative codebook is generated using some representative watermarked images of the same size as training images. A counterfeit image is constructed by finding an appropriate codeword from the representative codebook for each block in the original image. Thus the counterfeit block will have an approximate watermark and an approximate mapping-block index. VQ attacks are effective on fragile watermarking schemes that are block- or pixel-wise independent.
Collage attack
In the collage attack, a section at a particular spatial location of a watermarked image is copied and pasted at the same spatial location of another watermarked image to construct a counterfeit image.
Constant Average attack
The constant average attack was proposed by Chang et al. against self-embedding schemes in which the compression code of an image block is the block average intensity. The attack involves replacing each image block of a watermarked image by the average intensity of the 6 MSBs of the block while keeping the 2 LSBs of the block intact.
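A minimal sketch of the attack on a single block (function name ours; we assume the watermark lives in the 2 LSBs, as in the average-intensity self-embedding schemes being attacked):

```python
import numpy as np

def constant_average_attack(block):
    """Replace an 8-bit block by the average of its pixels' 6 MSBs while
    preserving the 2 LSBs of every pixel (where the watermark is stored)."""
    msb6 = block & 0b11111100               # drop the 2 LSBs of each pixel
    avg6 = int(np.mean(msb6)) & 0b11111100  # average, re-truncated to 6 MSBs
    return avg6 | (block & 0b00000011)      # constant 6 MSBs, original 2 LSBs

block = np.array([[100, 104], [96, 110]], dtype=np.uint8)
forged = constant_average_attack(block)
```

Because the block average of the 6 MSBs and the embedded watermark bits are both unchanged, an authenticator that checks only the average-intensity compression code accepts the forged block.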
A related attack is similar to the constant average attack, but here the 6 MSBs of the block alone are modified, keeping the remaining LSBs intact.
Oracle attack
This attack can be carried out with the help of a single authenticated image A and its authenticator O, called the oracle. The authenticator classifies each block/pixel of A as valid or invalid, so two equivalence classes are constructed: one containing the valid pixels of A, the other the invalid pixels. To counterfeit an approximation of a given image H that passes the authenticator, for each pixel x in H the equivalence class of valid pixels of A at the same position is searched for the nearest value y, which replaces x in H. This procedure is repeated until all the pixels in H are scanned. Like VQ attacks, oracle attacks are effective against fragile watermarking schemes that are block/pixel independent.
Synchronous counterfeit attack (SC)
This attack was proposed by He et al. A counterfeit image of an un-watermarked image H is obtained by replacing each pixel/block in H with a pixel/block quite close to it in value, taken from one of the available watermarked images. Unlike the VQ attack, the SC attack does not require the images to be of the same size.
The rest of the paper is organized as follows: Section 7 presents the components of and issues in a self-embedding scheme, together with a review of papers based on it. Section 8 reviews permutation and probability distribution based fragile watermarking schemes. Section 9 reviews Hamming code based fragile watermarking schemes. Section 10 reviews DCT/DWT based fragile watermarking schemes. Section 11 reviews fragile watermarking schemes of other approaches. Section 12 concludes the paper.
7. SELF-EMBEDDING SCHEMES
Fridrich and Goljan proposed the first ever self-embedding scheme as a means of protecting image content. Self-embedding based fragile watermarking schemes generally have six components, namely (a) block decomposition, (b) watermark generation, (c) block mapping, (d) watermark embedding, (e) authentication and tamper localisation, and (f) tampered-region recovery. In the block decomposition stage the image is decomposed into a number of non-overlapping blocks of the same size, and watermark bits are then computed at the block level. The watermark may have two parts, authentication bits and recovery bits; generally the number of recovery bits is larger. In certain schemes authentication data are generated both at the pixel level and at the block level. Once the watermark bits are generated, they are embedded either in the same block or in some other block as specified by a block map. In certain schemes the authentication bits are embedded in the same block while the restoration bits go into another block. It is the block map that creates dependency among the blocks, which makes the scheme resistant to VQ or collage attacks. The length of the watermark influences the quality of the watermarked image; in particular, if the 3 LSBs / 2 LSBs / 1 LSB of each pixel are used for watermark embedding, the PSNR of the watermarked image will be about 37.9 dB / 44.15 dB / 51.14 dB respectively. Image authentication concerns the integrity of the received image, while tamper localisation concerns identifying the tampered regions in case the image has been tampered with; a smaller block size can yield better tamper localisation. Once the tampered regions are identified, recovery of the tampered blocks begins.
7.1 ISSUES IN SELF-EMBEDDING SCHEMES
Limited watermark embedding capacity: Since a larger payload affects the quality of the watermarked image, the embedded image features cannot be very detailed, and any modification that leaves this compressed information intact cannot be detected; the constant average attack on any scheme based on block average intensity is one instance.
Randomness of the block mapping: The block mapping introduces the required block dependence, and the greater the randomness of the block mapping, the greater the security of the scheme. But this does not guarantee that two adjacent blocks are not mapped to nearby blocks, since the total number of blocks of an image is finite. When the extent of tampering is large, the block mapping may also fail detection and recovery.
Tamper detection accuracy: When the block size is large, if only a few pixels in a block are tampered with, the entire block is classified as tampered, which in turn affects the quality of the recovered image. Further, suppose the block features of block k are embedded in block l and those of l in block j. If block l is tampered with, then tamper detection of blocks k and j is difficult, in the sense that a mere mismatch of the features at the receiver's end cannot decide which block was tampered. To address this problem, some schemes embedded the authentication bits of a block in the block itself, but the restoration bits in the mapped block. When a block A and its mapped block B, in which the features of A are embedded, are both found to be tampered, recovery becomes difficult; this situation is termed the tamper coincidence problem. Successively better solutions have since been proposed.
Quality of recovered image: When the tampered region is extensive, the tamper coincidence problem occurs more frequently and the quality of the recovered image suffers. To overcome the tamper coincidence problem, dual watermarking and dual redundant ring structures were proposed, i.e. two copies of the compression code are embedded so that a second chance for recovering the block is available.
7.2 SELF-EMBEDDING BASED SCHEMES
Lin, Hsieh and Huang divided the image into a number of non-overlapping blocks of size 4 x 4; the 8-bit watermark consisted of 6 restoration bits and 2 authentication bits for each non-overlapping 2 x 2 sub-block of a 4 x 4 block.
The six restoration bits are the 6 MSBs of the sub-block's average intensity; of the 2 authentication bits, one is a parity bit of the 2 x 2 sub-block and the other indicates whether the average intensity of the 2 x 2 sub-block is greater than the average intensity of the enclosing 4 x 4 block.
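A sketch of this per-sub-block watermark (the function name is ours, and the exact definitions of the parity and comparison bits are assumptions; the original paper defines them precisely):

```python
import numpy as np

def subblock_watermark(sub, parent_avg):
    """8-bit watermark of a 2x2 sub-block: 6 restoration + 2 authentication bits.

    sub        -- 2x2 array of pixel intensities
    parent_avg -- average intensity of the enclosing 4x4 block
    """
    avg = int(np.mean(sub))
    restoration = (avg >> 2) & 0b111111           # 6 MSBs of the sub-block average
    parity = bin(restoration).count("1") & 1      # parity over the restoration bits
    comparison = 1 if avg >= parent_avg else 0    # sub-block avg vs. block avg
    return (restoration << 2) | (parity << 1) | comparison

w = subblock_watermark(np.array([[120, 124], [118, 122]]), parent_avg=110)
```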
Using a linear block map, a sequence of 4 x 4 blocks A → B → C → … is generated such that the watermark of a block is embedded in the immediately succeeding block in the sequence. The watermark bits of a 2 x 2 sub-block of a 4 x 4 block A are embedded in the LSBs of the corresponding 2 x 2 sub-block of the 4 x 4 block B.
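Linear block maps of this kind are often of the form X′ = (k·X) mod N + 1 with k a secret key; the following is a sketch under that assumption (the exact mapping used in the reviewed scheme may differ):

```python
def linear_block_map(N, k):
    """Map block index X (1..N) to the index of the block that stores its
    watermark, using X' = (k * X) mod N + 1 with key k co-prime to N.
    Because gcd(k, N) = 1, the map is a permutation: every block receives
    the watermark of exactly one other block."""
    return {X: (k * X) % N + 1 for X in range(1, N + 1)}

mapping = linear_block_map(N=256, k=37)
```

The key k must be co-prime to N; otherwise two different blocks would map to the same target and one watermark would be overwritten.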
The tamper detection part uses a hierarchical procedure. At level 1, within a 4 x 4 block, if the authentication bits computed for a 2 x 2 sub-block match the extracted ones, the sub-block is flagged valid, otherwise invalid. At level 2, a 4 x 4 block is flagged invalid if any of its level-1 sub-blocks is flagged invalid. At level 3, any 4 x 4 block flagged valid at level 2 is flagged invalid if its 3 x 3 neighbourhood has five or more invalid blocks. Finally, at level 4, to identify a VQ attack, a 4 x 4 block A flagged valid at level 3 is kept valid if its paired 4 x 4 block B was flagged invalid; otherwise the calculated and extracted watermark bits are compared to judge whether A is valid or invalid. Though tamper detection is close to 100% after the level-2 inspection, the PFR of the scheme is very high, and the authors do not address the tamper coincidence problem.
IMPROVEMENT 1: BLOCK MAPPING
Tien-You Lee et al. identified that (a) the linear block map used in the above scheme results in the "whole column moving" phenomenon, which can affect recovery when consecutive blocks in the mapping sequence are tampered simultaneously, and (b) the mapping addresses of blocks in the upper half of the image are complementary to those of the blocks at the same positions in the lower half. To overcome problem (a), they generated the block sequence by constructing a look-up table from the linear block mapping and employing certain push-aside operations. Further, the recovery rate is improved by embedding the block feature of a block A both in itself and in its complementary block B, and the quality of the watermarked image is improved by using a smoothing function. The restoration bits of a block are the 5 MSBs of the block's average intensity, and the watermark length is 12 bits per 2 x 2 block.
C. L. Li et al. embedded 64 watermark bits of an 8 x 8 image block, based on 14 important quantised DCT coefficients of the block, into the 1st LSB and 2nd LSB of two different blocks respectively. The tamper detection scheme uses a neighbourhood-based approach. As two copies of the watermark bits are embedded in different blocks, the probability of the watermark bits surviving an attack is improved, and with it the tamper detection and recovery.
Di Xiao et al. improved this scheme. They generalised the four-scanning attack and the blind attacks proposed against it. The block mapping is done by sorting the chaotic sequence generated by a piece-wise linear chaotic map. After generating the watermark bits of the 2 x 2 sub-blocks in a 4 x 4 block, the watermark bits are subjected to a novel chaotic encryption and permutation before finally being embedded in the corresponding block. The chaotic encryption and permutation make the scheme sensitive to even a minor modification of an isolated pixel at the third LSB. As the block map is based on the chaotic map, the security of the scheme improved drastically. The tamper coincidence problem is not addressed.
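The sort-based block mapping can be sketched as follows, using a logistic map as a stand-in for the piece-wise linear chaotic map of the paper (function name and parameters are ours):

```python
import numpy as np

def chaotic_block_permutation(num_blocks, x0=0.37, mu=3.99):
    """Derive a block-mapping permutation by sorting a chaotic sequence.

    Iterate the map from the secret seed x0, then use the ranks of the
    resulting values as the permutation: block i maps to block perm[i].
    """
    seq = np.empty(num_blocks)
    x = x0
    for i in range(num_blocks):
        x = mu * x * (1.0 - x)
        seq[i] = x
    return np.argsort(seq)  # sorting order of the chaotic values = permutation

perm = chaotic_block_permutation(64)
```

Since the chaotic values are effectively random but reproducible from the seed, sorting them yields a key-dependent permutation without storing any mapping table.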
In the scheme of Maher El'arbi et al., the watermark bits of an 8 x 8 block of the image are the average intensity of the block. The watermark bits of one block are inserted in the middle frequencies of the DCT of another block that is at least a quarter of the total number of blocks away. Compared with other self-embedding schemes, the block mapping of this scheme is not random. If the computed and recovered block intensities are identical, the block is flagged 'not tampered', otherwise tampered. To recover a tampered block, its block intensity is extracted from its mapped block and fed to a neural network, which helps reconstruct the entire block.