A Secret-Sharing-Based Method for Authentication of Grayscale Document Images via the Use of the PNG Image With a Data

e!air "a!a#ility A#stract A new blind authentication method based on the secret sharing technique with a data repair capability for grayscale document images via the use of the Portable Network Graphics (PNG) image is proposed. An authentication signal is generated for each block of a grayscale document image which together with the binari!ed block content is transformed into several shares using the "hamir secret sharing scheme. #he involved parameters are carefully chosen so that as many shares as possible are generated and embedded into an alpha channel plane. #he alpha channel plane is then combined with the original grayscale image to form a PNG image. $uring the embedding process the computed share values are mapped into a range of alpha channel values near their ma%imum value of &'' to yield a transparent stego(image with a disguise effect. )n the process of image authentication an image block is marked as tampered if the authentication signal computed from the current block content does not match that e%tracted from the shares embedded in the alpha channel plane. $ata repairing is then applied to each tampered block by a reverse "hamir scheme after collecting two shares from unmarked blocks. *easures for protecting the security of the data hidden in the alpha channel are also proposed. Good e%perimental results prove the effectiveness of the proposed method for real applications. Introduction D)G)#A+ image is a form for preserving important information. ,owever with the fast advance of digital technologies it is easy to make visually imperceptible modifications to the contents of digital images. ,ow to ensure the integrity and the authenticity of a digital image is thus a challenge. )t is desirable

to design effective methods to solve this kind of image authentication problem particularly for images of documents whose security must be protected. )t is also hoped that if part of a document image is verified to have been illicitly altered the destroyed content can be repaired. "uch image content authentication and self-repair capabilities are useful for the security protection of digital documents in many fields such as important certificates signed documents scanned checks circuit diagrams art drawings design drafts last will and testaments and so on. $ocument images which include te%ts tables line arts etc. as main contents are often digiti!ed into grayscale images with two ma-or gray values one being of the background (including mainly blank spaces) and the other of the foreground (including mainly te%ts). )t is noted that such images although gray valued in nature look like binary. .or e%ample the two ma-or gray values in the document respectively. )t seems that such binary-like grayscale document images may be thresholded into binary ones for later processing but such a thresholding operation often destroys the smoothness of the boundaries of te%t characters resulting in visually unpleasant stroke appearances with !ig!ag contours. #herefore in practical applications te%t documents are often digiti!ed and kept as grayscale images for later visual inspection. )n general the image authentication problem is difficult for a binary document image because of its simple binary nature that leads to perceptible changes after authentication signals are embedded in the image pi%els. "uch changes will arouse possible suspicions from attackers. A good solution to such binary image authentication should thus take into account not only the security issue of preventing image tampering but also the necessity of keeping the visual quality of the resulting image. )n this paper we propose an authentication method that deals with binary-like grayscale document images instead of pure binary ones and simultaneously solves the problems of image tampering detection and visual quality keeping. "everal methods for binary image authentication have been proposed in the past. /u and +iu manipulated the so(called flippable pi%els to create specific relationships to embed data for authentication and annotation of binary images. 0ang and 1ot proposed

a two(layer binary image authentication method in which one layer is used for checking the image fidelity and the other for checking image integrity. )n the method a connectivity( preserving transition criterion for determining the flippability of a pi%el is used for embedding the cryptographic signature and the block identifier. +ater 0ang and 1ot proposed a pattern(based data hiding method for binary image authentication in which three transition criteria are used to determine the flippabilities of pi%els in each block and the watermark is adaptively embedded into embeddable blocks to deal with the uneven embeddability condition in the host image. )n the method proposed in a set of pseudorandom pi%els in a binary or halftone image are chosen and cleared and authentication codes are accordingly computed and inserted into selected random pi%els. )n #!eng and #sai2s method randomly generated authentication codes are embedded into image blocks for use in image authentication and a so(called code holder is used to reduce image distortion resulting from data embedding. +ee et al. proposed a ,amming(code(based data embedding method that flips one pi%el in each binary image block for embedding a watermark yielding small distortions and low false negative rates. +ee et al. )mproved the method later by using an edge line similarity measure to select flippable pi%els for the purpose of reducing the distortion.

$iterature evie% 3.Multi!ur!ose %atermar&ing for image authentication and !rotection /e propose a novel multipurpose watermarking scheme in which robust and fragile watermarks are simultaneously embedded for copyright protection and content authentication. 4y quanti!ing a host image5s wavelet coefficients as masking threshold units (*#6s) two complementary watermarks are embedded using cocktail watermarking and they can be blindly e%tracted without access to the host

image. .or the purpose of image protection the new scheme guarantees that no matter what kind of attack is encountered at least one watermark can survive well. 7n the other hand for the purpose of image authentication our approach can locate the part of the image that has been tampered with and tolerate some incidental processes that have been e%ecuted. 8%perimental results show that the performance of our multipurpose watermarking scheme is indeed superb in terms of robustness and fragility.

&. 'ierarchical %atermar&ing for secure image authentication %ith locali(ation "everal fragile watermarking schemes presented in the literature are either vulnerable to vector quanti!ation (9:) counterfeiting attacks or sacrifice locali!ation accuracy to improve security. 6sing a hierarchical structure we propose a method that thwarts the 9: attack while sustaining the superior locali!ation properties of blockwise independent watermarking methods. )n particular we propose dividing the image into blocks in a multilevel hierarchy and calculating block signatures in this hierarchy. /hile signatures of small blocks on the lowest level of the hierarchy ensure superior accuracy of tamper locali!ation higher level block signatures provide increasing resistance to 9: attacks. At the top level a signature calculated using the whole image completely thwarts the counterfeiting attack. *oreover ;sliding window; searches through the hierarchy enable the verification of untampered regions after an image has been cropped. /e provide e%perimental results to demonstrate the effectiveness of our method.

)* Data hiding in #inary image for authentication and annotation #his paper proposes a new method to embed data in binary images including scanned te%t figures and signatures. #he method manipulates ;flippable; pi%els to enforce specific block(based relationship in order to embed a significant amount of data without causing noticeable artifacts. "huffling is applied before embedding to equali!e the uneven embedding capacity from region to region. #he hidden data can be e%tracted without using the original image and can also be accurately e%tracted after high quality printing and scanning with the help of a few registration marks. #he proposed data embedding method can be used to detect unauthori!ed use of a digiti!ed signature and annotate or authenticate binary documents. #he paper also presents analysis and discussions on robustness and security issues.

+,isting System"everal methods for binary image authentication have been proposed in the past. /u and +iu manipulated the so(called flippable pi%els to create specific relationships to embed data for authentication and annotation of binary images. 0ang and 1ot proposed a two(layer binary image authentication method in which one layer is used for checking the image fidelity and the other for checking image integrity. )n the method a connectivity( preserving transition criterion for determining the flippability of a pi%el is used for embedding the cryptographic signature and the block identifier. 0ang and 1ot proposed a pattern(based data hiding method for binary image authentication in which three transition criteria are used to determine the flippabilities of pi%els in each block and the watermark is adaptively embedded into embeddable blocks to deal with the uneven embeddability condition in the host image. )n the method proposed a set of pseudorandom pi%els in a binary or halftone image are chosen and cleared and authentication codes are accordingly computed and inserted into selected random pi%els. )n #!eng and #sai2s method randomly generated authentication codes are embedded into image blocks for use in image authentication and a so(called code holder is used to reduce image distortion resulting from data embedding. +ee et al. proposed a ,amming(code(based data embedding method that flips one pi%el in each binary image block for embedding a watermark yielding small distortions and low false negative rates. +ee et al. improved the method later by using an edge line similarity measure to select flippable pi%els for the purpose of reducing the distortion. Pro!osed System

)n this paper a method for the authentication of document images with an additional self(repair capability for fi%ing tampered image data is proposed. #he input cover image is assumed to be a binary(like grayscale image with two ma-or gray values. After the proposed method is applied the cover image is transformed into a stego(image in the Portable Network Graphics (PNG) format with an additional alpha channel for transmission on networks or archiving in databases. #he stego(image when received or retrieved may be verified by the proposed method for its authenticity. )ntegrity modifications of the stego(image can be detected by the method at the block level and repaired at the pi%el level. )n case the alpha channel is totally removed from the stego( image the entire resulting image is regarded as inauthentic meaning that the fidelity check of the image fails. #he proposed method is based on the so(called (threshold secret sharing scheme proposed by "hamir in which a secret message is transformed into shares for keeping by participants and when of the shares not necessarily all of them are collected the secret message can be losslessly recovered. "uch a secret sharing scheme is useful for reducing the risk of incidental partial data loss. <onventionally the concepts of =secret sharing> and =data hiding for image authentication> are two irrelevant issues in the domain of information security. ,owever in the proposed method we combine them together to develop a new image authentication technique. #he secret sharing scheme is used in the developed technique not only to carry authentication signals and image content data but also to help repair tampered data through the use of shares.

'ard%are re.uirements-

Processor Aam ,ard $isk <ompact $isk )nput device "ource $ocument )mage

? Any Processor above '@@ *,!. ? 3 G4. ? 3@ G4. ? B'@ *b. ? "tandard 1eyboard and *ouse.

Soft%are re.uirementsAdd Alpha <hannel Plane 7perating "ystem #echnology 8mbed Authentication "ignals ? /indows Cp. ? Net 4eans D.3 ? Edk3.B Get 7riginal or repaired document )mage

Generate "tego System Architecture )mage

<heck Authentic

Aemove alpha <hannel Plane

Aepair #ampered 4locks

Modules /* Stego Image Generation 0* +m#edding authentic signals )* Stego Image verification 1* Self e!airing

Module Descri!tion /* Stego Image Generation )n this module we generate the stego image. #he )mage can be generated using adding a alpha plane channel.

0* +m#edding authentic signals #he following step will be used to embed the authentication signal in stego image. a. <onvert gray scale image to binary image b. #ransform the cover image into the PNG format c. <reate of authentication signals d. <reate of data for secret sharing e. Partial share generation f. *ap partial shares g. 8mbed two partial shares in the current block h. 8mbed remaining partial shares at random pi%els

)* Stego Image verification )n this module we e%tract the embedded gray scale values and verify the stego image. #he following step will be used to verify the stego image. a. 8%traction of the hidden authentication signal b. <omputation of the authentication signal from the current block content c. *atching of the hidden and computed authentication signals and marking of tampered blocks

1* Self e!airing )n this module we e%tract the remaining partial shares and repair the tampered regions.

Data 2lo% Diagram

Source Document Image

$.$ User

Add Alpha Channe l Plane

Embed ding

Stego Image

Binariza tion

Data For authenticatio n and repairing

Secret Sharing Schem e

Parti al Shar es

Mapped Partial Shares

Mappin g

Stego Image

Extract Share s

In erse secret Sharing Scheme

Binariza tion Use "ase Diagram

Compute Authentic ate Data

Matc h

Authentic

Compare

!o Match

"epair

Select Source docum ent e I m age

Add Alpha Channel Plane

Apply Binarizat ion

Generat e St ego image

Sender

Transmit St ego I m age

Receiver

Check Aut henicat ion

Repair Tam pered Blocks

Get Original I m age

"lass Diagram

Sender + Image img + String id + void getDocumentImage() + void generateStegoImage() + void TransmitImage() + void embedSignals()

Receiver + Image img + String id + void checkAuthentication() + void removeAlphaChannel() + void repairTamperBlock() + void getOriginalImage()

Activity Diagram

Source Document Image

Add Alpha Channel lane

!enerate stego Image

Transmit Image

#es Authentic

"emove alpha channel lane

!et Original or repaired Image

$o "epair tampered block

Se.uence Diagram

Sender

"eceiver

% & !et Source Document Image()

' & Add alpha channel plane()

( & !enerate Stego Image()

) & Transmit Image()

* & Check Authentic()

+ & "emove alpha plane channel()

, & "epair tampered block()

- & !et Original Image()

"olla#oration Diagram

* & Check Authentic() % & !et Source Document Image() ' & Add alpha channel plane() ( & !enerate Stego Image() + & "emove alpha plane channel() , & "epair tampered block() - & !et Original Image()

Sender ) & Transmit Image()

"eceiver

Soft%are Descri!tion 3ava 4echnology Eava technology is both a programming language and a platform. 4he 3ava Programming $anguage #he Eava programming language is a high(level language that can be characteri!ed by all of the following bu!!words? "imple Architecture neutral 7b-ect oriented Portable $istributed ,igh performance )nterpreted *ultithreaded

 Aobust $ynamic "ecure /ith most programming languages you either compile or interpret a program so that you can run it on your computer. #he Eava programming language is unusual in that a program is both compiled and interpreted. /ith the compiler first you translate a program into an intermediate language called Java byte codes Fthe platform( independent codes interpreted by the interpreter on the Eava platform. #he interpreter parses and runs each Eava byte code instruction on the computer. <ompilation happens -ust onceG interpretation occurs each time the program is e%ecuted. #he following figure illustrates how this works.

W5 6ING 52 3A7A 0ou can think of Eava bytecodes as the machine code instructions for the Java Virtual Machine (Eava 9*). 8very Eava interpreter whether it2s a development tool or a /eb browser that can run applets is an implementation of the Eava 9*. Eava bytecodes help make =write once run anywhere> possible. 0ou can compile your program into bytecodes on any platform that has a Eava compiler. #he bytecodes can then be run on any implementation of the Eava 9*. #hat means that as long as a computer has a Eava 9* the same program written in the Eava programming language can run on /indows &@@@ a "olaris workstation or on an i*ac.

4he 3ava Platform A platform is the hardware or software environment in which a program runs. /e2ve already mentioned some of the most popular platforms like /indows &@@@ +inu% "olaris and *ac7". *ost platforms can be described as a combination of the operating system and hardware. #he Eava platform differs from most other platforms in that it2s a software(only platform that runs on top of other hardware(based platforms. #he Eava platform has two components?

#he Java Virtual Machine (Eava 9*) #he Java Application Programming Interface (Eava AP))

0ou2ve already been introduced to the Eava 9*. )t2s the base for the Eava platform and is ported onto various hardware(based platforms. #he Eava AP) is a large collection of ready(made software components that provide many useful capabilities such as graphical user interface (G6)) widgets. #he Eava AP) is grouped into libraries of related classes and interfacesG these libraries are known as packages. #he ne%t section /hat <an Eava #echnology $oH functionality some of the packages in the Eava AP) provide. #he following figure depicts a program that2s running on the Eava platform. As the figure shows the Eava AP) and the virtual machine insulate the program from the hardware. highlights what

4'+ 3A7A P$A425 M

Native code is code that after you compile it the compiled code runs on a specific hardware platform. As a platform(independent environment the Eava platform can be a bit slower than native code. ,owever smart compilers well(tuned interpreters and -ust( in(time bytecode compilers can bring performance close to that of native code without threatening portability. hat !an Java "echnology #o$ #he most common types of programs written in the Eava programming language are applets and applications. )f you2ve surfed the /eb you2re probably already familiar with applets. An applet is a program that adheres to certain conventions that allow it to run within a Eava(enabled browser. ,owever the Eava programming language is not -ust for writing cute entertaining applets for the /eb. #he general(purpose high(level Eava programming language is also a powerful software platform. 6sing the generous AP) you can write many types of programs. An application is a standalone program that runs directly on the Eava platform. A special kind of application known as a server serves and supports clients on a network. 8%amples of servers are /eb servers pro%y servers mail servers and print servers. Another speciali!ed program is a servlet. A servlet can almost be thought of as an applet that runs on the server side. Eava "ervlets are a popular choice for building interactive web applications replacing the use of <G) scripts. "ervlets are similar to applets in that they are runtime e%tensions of applications. )nstead of working in browsers though servlets run within Eava /eb servers configuring or tailoring the server. ,ow does the AP) support all these kinds of programsH )t does so with packages of software components that provide a wide range of functionality. 8very full implementation of the Eava platform gives you the following features?

#he essentials? 7b-ects strings threads numbers input and output data structures system properties date and time and so on.

Applets? #he set of conventions used by applets. Networking? 6A+s #<P (#ransmission <ontrol Protocol) 6$P (6ser $ata gram Protocol) sockets and )P ()nternet Protocol) addresses.

)nternationali!ation? ,elp for writing programs that can be locali!ed for users worldwide. Programs can automatically adapt to specific locales and be displayed in the appropriate language.

"ecurity? 4oth low level and high level including electronic signatures public and private key management access control and certificates.

"oftware components? 1nown as Eava4eans#* can plug into e%isting component architectures.

7b-ect seriali!ation? Allows lightweight persistence and communication via Aemote *ethod )nvocation (A*)).

Eava $atabase <onnectivity (E$4<#*)? Provides uniform access to a wide range of relational databases.

#he Eava platform also has AP)s for &$ and I$ graphics accessibility servers collaboration telephony speech animation and more. #he following figure depicts what is included in the Eava & "$1.

2IGU + 1 8 3A7A 0 SD6

5DB" *icrosoft 7pen $atabase <onnectivity (7$4<) is a standard programming interface for application developers and database systems providers. 4efore 7$4< became a de facto standard for /indows programs to interface with database systems programmers had to use proprietary languages for each database they wanted to connect to. Now 7$4< has made the choice of the database system almost irrelevant from a coding perspective which is as it should be. Application developers have much more important things to worry about than the synta% that is needed to port their program from one database to another when business needs suddenly change. #hrough the 7$4< Administrator in <ontrol Panel you can specify the particular database that is associated with a data source that an 7$4< application program is written to use. #hink of an 7$4< data source as a door with a name on it. 8ach door will lead you to a particular database. .or e%ample the data source named "ales .igures might be a ":+ "erver database whereas the Accounts Payable data source could refer to an Access database. #he physical database referred to by a data source can reside anywhere on the +AN.

/indows J' does not install the 7$4< system files on your system. Aather they are installed when you setup a separate database application such as ":+ "erver <lient or 9isual 4asic K.@. /hen the 7$4< icon is installed in <ontrol Panel it uses a file called 7$4<)N"#.$++. )t is also possible to administer your 7$4< data sources through a stand(alone program called 7$4<A$*.8C8. #here is a 3B(bit and a I&(bit version of this program and each maintains a separate list of 7$4< data sources.

.rom a programming perspective the beauty of 7$4< is that the application can be written to use the same set of function calls to interface with any data source regardless of the database vendor. #he source code of the application doesn2t change whether it talks to 7racle or ":+ "erver. /e only mention these two as an e%ample. #here are 7$4< drivers available for several do!en popular database systems. 8ven 8%cel spreadsheets and plain te%t files can be turned into data sources. #he operating system uses the Aegistry information written by 7$4< Administrator to determine which low(level 7$4< drivers are needed to talk to the data source (such as the interface to 7racle or ":+ "erver). #he loading of the 7$4< drivers is transparent to the 7$4< application program. )n a clientLserver environment the 7$4< AP) even handles many of the network issues for the application programmer. #he advantages of this scheme are so numerous that you are probably thinking there must be some catch. #he only disadvantage of 7$4< is that it isn2t as efficient as talking directly to the native database interface. 7$4< has had many detractors make the charge that it is too slow. *icrosoft has always claimed that the critical factor in performance is the quality of the driver software that is used. )n our humble opinion this is true. #he availability of good 7$4< drivers has improved a great deal recently. And anyway the criticism about performance is somewhat analogous to those who said that compilers would never match the speed of pure assembly language. *aybe not but the compiler (or 7$4<) gives you the opportunity to write cleaner programs which means you finish sooner. *eanwhile computers get faster every year.

"onclusion A new blind image authentication method with a data repair capability for binary(like grayscale document images based on secret sharing has been proposed. 4oth the generated authentication signal and the content of a block have been transformed into partial shares by the "hamir method which have been then distributed in a well(designed manner into an alpha channel plane to create a stego(image in the PNG format. #he undesired opaque effect visible in the stego(image coming from embedding the partial shares has been eliminated by mapping the share values into a small range of alpha channel values near their ma%imum transparency value of &''. )n the process of image block authentication a block in the stego(image has been regarded as having been tampered with if the computed authentication signal does not match that e%tracted from corresponding partial shares in the alpha channel plane. .or the self(repairing of the content of a tampered block the reverse "hamir scheme has been used to compute the original content of the block from any two untampered shares. *easures for enhancing the security of the data embedded in the alpha channel plane have been also proposed. 8%perimental results have been shown to prove the effectiveness of the proposed method. .uture studies may be directed to choices of other block si!es and related parameters (prime number coefficients for secret sharing number of authentication signal bits etc.) to improve data repair effects. Applications of the proposed method to the authentication and the repairing of attacked color images may be also tried.

eferences M3N <. ". +u and ,. 0. *. +iao =*ultipurpose watermarking for image authentication and protection > I%%% "rans. Image Process. vol. 3@ no. 3@ pp. 3'DJO3'J& 7ct. &@@3. M&N *. 6. <elik G. "harma 8. "aber and A. *. #ekalp =,ierarchical watermarking for secure image authentication with locali!ation > I%%% "rans. Image Process. vol. 33 no. B pp. 'P'O'J' Eun. &@@&. MIN Q. *. +u $. G. Cu and ". ,. "un =*ultipurpose image watermarking algorithm based on multistage vector quanti!ation > I%%% "rans. Image Process. vol. 3K no. B pp. P&&OPI3 Eun. &@@'. MKN *. /u and 4. +iu =$ata hiding in binary images for authentication and annotation > I%%% "rans. Multimedia vol. B no. K pp. '&PO'IP Aug. &@@K. M'N ,. 0ang and A. <. 1ot =4inary image authentication with tampering locali!ation by embedding cryptographic signature and block identifier > I%%% &ignal Process. 'ett. vol. 3I no. 3& pp. DK3ODKK $ec. &@@B. MBN ,. 0ang and A. <. 1ot =Pattern(based data hiding for binary images authentication by connectivity(preserving > I%%% "rans. Multimedia vol. J no. I pp. KD'OKPB Apr. &@@D. MDN ,. 0. 1im and A. AHf ="ecure authentication watermarking for halftone and binary images > Int. J. Imag. &yst. "echnol. vol. 3K no. K pp. 3KDO3'& &@@K.

MPN <. ,. #!eng and /. ,. #sai =A new approach to authentication of binary images for multimedia communication with distortion reduction and security enhancement > I%%% !ommun. 'ett. vol. D no. J pp. KKIOKK' "ep. &@@I. MJN 0. +ee E. ,ur ,. 1im 0. Park and ,. 0oon =A new binary image authentication scheme with small distortion and low false negative rates > I%I!% "rans. !ommun. vol. 8J@(4 no. 33 pp. I&'JOI&B& Nov. &@@D. M3@N 0. +ee ,. 1im and 0. Park =A new data hiding scheme for binary image authentication with small image distortion > Inf. &ci. vol. 3DJ no. && pp. IPBBOIPPK Nov. &@@J. A!!endi, Screen shots