1. Introduction
Currently, remote sensing images are widely used in scientific research and various industries, including agriculture, vegetation monitoring, ecology and so on [
1,
2,
3]. However, security issues inhibit the convenience of remote sensing image sharing and transmission [
4], especially in the big data era [
5]. Robust watermarking technology has become a promising solution, which could be a viable form of protection regarding issues such as user tracking, forgery prevention and many other illegal uses [
6,
7,
8,
9,
10,
11]. The major property of these watermarking algorithms, named robustness, represents the resistance towards different types of attack [
12,
13,
14]. As the image cropping operation is the common processing method towards remote sensing images, the watermark algorithmic robustness against image cropping attack is evaluated in almost every watermarking algorithm study [
10,
11,
15,
16]. In fact, this type of robustness determines whether the copyright can be successfully identified after cropping a certain amount of remote sensing image.
It is common to verify the watermarking algorithmic robustness against image cropping attacks by experimentation, both for common images and remote sensing images. From the perspective of computational complexity, the experimental methods can be divided into three types: robustness verification, algorithm comparisons, and criteria systems. The robustness verification experiments are mainly conducted after the watermarking algorithms have been proposed by performing some attacks [
8,
10,
11,
17,
18,
19,
20,
21,
22,
23]. Normalized correlation (
NC) [
10,
17,
23] and bit error rate (
BER) [
17,
24] have been used as the evaluation indexes, which are calculated by comparing the extracted copyright information with the original. Thus the watermarking algorithmic robustness is determined conveniently and directly in this method. To demonstrate the robustness in a more reliably persuasive way, algorithm comparisons verify the robustness result of those proposed watermarking algorithms and others [
8,
18,
21,
22,
23]. In addition, the robustness criteria systems and platforms, which defined a variety of sample data, attacking types (including image cropping attack), attacking strength and other parameters, have been studied and published. These criteria systems, including “Stirmark” [
25,
26], Watermark Evaluation Testbed (WET) [
27] and Information Hiding and its Criteria for Evaluation (IHC) [
28], strive to extend the range of experimental parameters and conditions to more accurately estimate the robustness of the watermarking algorithms. For example, resistance to image cropping attack is considered as the most basic and low-level type of robustness in the Stirmark Benchmark evaluation system [
26], and image databases with strategies of repeated tests have been adopted [
29].
Unfortunately, as indicated above, it is obvious that the experimental method of evaluating robustness consumes many computational resources and much time. With the different parameters and experimental conditions, the computational resources and time used to evaluate the robustness will thus, increase further, especially for the remote sensing images in the big data era. Further, the experiments cannot cover all kinds of conditions as the parameters related to sample data, attacking type, attacking strength and so on. Thus, the robustness of the experimental results can only be used to approximate robustness ability and cannot, in theory, deduce the robustness index value.
The significance to theoretically analyze and calculate the robustness of watermarking algorithms against image cropping attack is believed to be important and therefore necessary for further study. Compared to research on watermark embedding and extraction strategies, not much attention has been paid to robustness analysis and its calculation methods. As regards the watermarking model, Adelsbach gave the definitions of the watermarking schemes and provided an abstract model of watermark embedding, extraction, and robustness [
30]. Regarding the embedding strategy, the quantization modulation has theoretically proved its superiority in robustness [
31]. In terms of watermark capacity analysis, Sun provided the closed formula for calculating the watermark capacities of the private Laplacian watermarking system [
32]. According to the robustness analysis and computation, Hu proposed the quantitative relationship between robustness and destructed watermark units [
33].
It should be noted that there are still two drawbacks to realize the computation of robustness under image cropping attack: (1) Quantitative models regarding robustness and image cropping attacks have not been comprehensively established. Some analyses of watermarking algorithms, in fact, focus on the watermarking model [
30], embedding strategy [
31] or watermarking capacity [
32], rather than the robustness. The work accomplished by Hu simplified the attack parameter as the ruined watermark bits count [
33], which bypassed the analysis of attacking properties and attacking strength; (2) The evaluation index of robustness is not universal, particularly in terms of comparisons. The commonly used indexes, including
NC or
BER, only represent the robustness in one single experiment. In this sense, these indexes vary according to the experimental data and conditions. Consequently, each robustness result from the research cannot be literally and directly compared.
Unlike the intentions of previous works, this study proposes a computation model to directly analyze and calculate the watermarking algorithmic robustness under image cropping attack. The computation model involves analysis principles, a robustness evaluation index and a computation method. The analysis principles are concluded from well-designed watermarking algorithms and a robustness index is defined based on probability. According to the proposed principles and index, a computation method is presented, based on the approaches of combinatorial mathematics and probability theory. In addition, the influences of different factors, related to the watermarking algorithm on robustness are further explored with the object of promoting the design of watermarking algorithms.
The rest of this paper is organized as follows:
Section 2 introduces the methodology of robustness computation model. In
Section 3 and
Section 4, the experimental results and discussions are given respectively. Finally, conclusions are given in
Section 5.
2. Methodology
The research diagram of robustness computation model is illustrated in
Figure 1.
The basic watermarking procedure is given previously. Then the computation model, consisting of analysis principles, robustness index and robustness computation method, will be proposed and clarified. Finally, experiments and deductions are conducted to verify the proposed model and promote the design of watermarking algorithms for remote sensing images.
2.1. Basic Watermarking Procedure
The basic watermarking procedure and fundamental knowledge are presented here. A classical watermarking procedure is shown in
Figure 2.
In the watermarking procedure, the original watermark information is converted into binary watermark sequence, then embedded into the watermark domain, which is transformed or generated from the host data. After watermarked data has been delivered or distributed, the copyright information is extracted by the inverse method and compared to the original one. Thus, the copyright can be identified clearly as long as the watermarking algorithm is sufficiently robust.
It has to be pointed that the copyright information includes text, voice, image and so on, and it is converted into binary sequence before the process of embedding. In addition, the comparison of copyright information is equal to the comparison of binary sequence as long as the conversion is reversible. Thus binary watermark sequence is regarded as the form of what watermarking algorithm embed and extracted in this paper. Watermark synchronization and robustness evaluation index, which are closely related to the issue of robustness computation for image cropping attacks, are discussed as follows.
2.1.1. Watermark Synchronization
The watermark synchronization is the vital factor related to robustness when a watermarking algorithm suffers the geometric type of attack such as image cropping, image rotation and so on. In fact, sometimes the watermarked values can remain correct but the error of synchronization will lead to the failure of watermark extraction. Specifically, consider the watermark sequence
WM being represented as:
where
L is the length of
WM. Under geometric attack, embedding
wm[
i] and directly extracting it could lead to the loss of
i. So
i is an important information part in both processes of watermark embedding and extraction. Therefore, the connections between
i and
wm[
i] represent the watermark synchronization. Commonly, a stable watermark synchronization definitely ensures the watermarking algorithm robustness against image cropping attack. So far this mechanism has been implemented in different ways, such as geometric reference points [
6], auxiliary location information [
10,
34], mapping method [
35], etc.
2.1.2. Robustness Evaluation Index
Evaluating a watermarking algorithm is commonly performed from several perspectives, e.g., peak signal-to-noise ratio (
PSNR) is used to measure the degradation of image fidelity [
13,
36], false negative probability (missed detection) or false positive probability (false alarms) are used to evaluate the authority and authentication of watermarking algorithms [
15,
37]. Regarding robustness, it is common to use
NC [
10,
17,
23] or
BER [
17,
24] to compare the similarity between the extracted watermark sequence with the embedded one in a quantitative method. For further evaluation, taking
BER as an example, assume
wm is the original watermark sequence and
is the extracted,
BER is calculated as:
where
NOR is the operation of exclusive
OR.
means there is no error in the extracted watermark. Commonly the threshold of
BER is set previously and empirically in robustness experiments.
2.2. The Principles of Robustness Computation
Based on the basic watermarking procedure, the principles are deduced through the analysis of watermarking algorithm and the attack behavior. Hence, these principles are divided into principles of watermarking algorithm and principles of image cropping attack. It can be seen that the principles are universal and do not have many constraints as they are proposed based on few essentially natural assumptions.
2.2.1. Principles of Watermarking Algorithm
• Principle 1: The watermark is repeatedly embedded into data.
The volume of the remote sensing image is commonly much larger than the length of binary watermark sequence, thus the watermark is usually embedded more than once into data for robustness enhancement. It is well known that this principle has been applied in current watermarking algorithms [
8,
38,
39,
40,
41]. In fact, the repeat embedding strategy can be regarded as the spread spectrum [
15], in that the former is a point of view in the spatial domain and the latter a strategy in the transformation domain. Considering that image cropping is conducted mainly in the spatial domain, thus the similar principle can be adequately used to express the strategy in the same domain for convenience.
Specifically, repetition is represented by
N, which means the watermark has been embedded
N times in the host image or that watermark information has been spread
N times in the transformation domain. To simplify the analysis principle and robustness computation model,
N is constrained as positive integers.
Figure 3 illustrates the concept of Principle 1.
• Principle 2: The watermark is distributed uniformly.
Because of the large size of the remote sensing image together with Principle 1, the watermark is equally distributed throughout the image. If the watermark energy is concentrated in a small part of the spatial domain or the narrow band in the transformation domain, the image fidelity, both in this area, together with the watermark robustness in other parts, will greatly degrade. Hence, Principle 2, which have been also adopted widely [
8,
10,
15,
41,
42], represents the tradeoff between watermark imperceptibility and robustness.
Quantitatively, if a watermark of
L bits length is repeatedly embedded into the remote sensing image, for
N times; in such a situation, Principle 2 suggests the watermark extraction will extract
a ×
L ×
N bits of the watermark sequence from
a percentage amount of the remote sensing image. This is made apparent in
Figure 4. It should be pointed out, however, that it is not consistent for the extracted watermark bits in
Figure 4 to be exactly situated, in the lower right-hand corner of the watermark information, as can be seen in
Figure 3. As noted in Principle 2 the watermark information is not necessarily embedded sequentially. In
Figure 4, the extracted watermark bits are regarded as randomly chosen from the whole watermark bits.
2.2.2. Principles of Image Cropping Attack
Image cropping can be seen as a type of geometric attack. Part of the watermarked image is deleted randomly and watermark extraction is conducted in the remaining part. The attacking strength is defined as the percentage of the cropped data. Some examples of different attacking strength are shown in
Figure 5.
Combine the attack behavior of image cropping with Principle 1 and Principle 2, the analysis principles of attack are deduced as follows:
• Principle 3: The watermark and its synchronization in the remaining part remain correct.
The watermark information contained in the cropped part, obviously, cannot be further retrieved. According to Principle 2, the uniformity guarantees the effectiveness of Principle 3 for both watermarking algorithms based on the spatial domain and those based on the transformation domain. After image cropping, the watermark synchronization mechanism becomes the key to guarantee the robustness. It appears obvious that a well-designed watermarking algorithm will reduce the attack influence on the remaining parts to a minimal level. Because watermark synchronization has different types of implementations [
6,
10,
34,
35], Principle 3 represents the ideal situation that all the watermark containing in the remaining part could be successfully extracted.
• Principle 4: The cropped part of image is chosen randomly.
As shown in
Figure 5, the cropped part of the image can be anywhere, even under the same attack strength. Because the cropped part is not fixed to a specific area for each attack, hence it is reasonable to assume that the cropped part is randomly chosen. In addition, according to the uniformity distribution in Principle 2, cropping image randomly equals a random deletion of the watermark information. An example is shown in
Figure 6 to illustrate the influence of image cropping attack on watermark.
In
Figure 6, the red blocks represent the deleted watermark bits, and the green blocks represent the correct. The deleted parts, the watermark information in cropped part of image, are distributed randomly in theory. According to Principle 3, the remaining parts of the watermark, which is denoted by green blocks, can then be correctly extracted.
2.3. Probability-Based Robustness Index
The second part of the computation model is the probability-based robustness index. As the common evaluation index,
BER indicates the watermarking algorithmic robustness in a single experiment, the calculation method refers to Equation (2). It cannot be used, however, to directly compare the
NC of different watermarking algorithms, due to the different experimental parameters and conditions. To more conveniently and comprehensively measure robustness, a quantitative index
R is proposed from the perspective of probability. Here
R is defined as the probability of successfully and correctly extracting the watermark information after attack according to the given threshold value
BER*. As
BER* is usually a constant value in the system of robustness evaluation, it is often omitted and index
R is then expressed as:
In Equation (3), AT represents the attack type, and in this paper denotes image cropping. S is the attacking strength indicating that cropping S percentage of data. L is the watermark information length and N represents the repeat times of the embedded watermark.
From the definition of index R, the superiorities of the proposed index, compared to traditionally used ones are explained as follows. First, robustness is evaluated by probability, thus the more times experiments are repeated under the same parameters of attack, the greater the likelihood that the evaluated value R will approximate to the theoretical value. Then, R has no relationship to the sample data. Hence this index has universal usage and contributes to the comparison of the robustness of different algorithms conveniently. In addition, providing the attacking strength is well defined, the proposed index is not limited to the image cropping discussed in this paper. Hence, this quantitative index is applicable to all kinds of attack. Accordingly, the universal index R can be used to evaluate robustness more scientifically and comprehensively.
2.4. Robustness Computation Method
Based on the principles and the evaluation index proposed above, the method to compute the watermarking algorithmic robustness is studied here. The main theory for solving this problem is the enumeration of the watermark distribution after image cropping attack, based on combinatorial mathematics. By dividing all the enumerations (denoted as
Etotal) by the number of successful situations, from which watermarks have been correctly extracted (denoted as
Esuc), the extraction probability
R is calculated directly as:
The question is then becomes how to calculate Etotal and Esuc. Obviously, the calculation of Etotal is easy to conduct according to the permutations, which will be given in the following section. However, the difficulty of this problem is to calculate Esuc. From the deduction above, Esuc can be acquired by enumerating the situations under image cropping attack with the watermark can still be extracted. But as far as we are concerned, counting the situations directly is easy to confuse some situations and complicated to give the computation formula correctly. In order to solve the problem, the auxiliary function has been adopted to calculate Esuc.
2.4.1. Introduction of the Auxiliary Function
Before the introduction and definition of the auxiliary function, the parameters in the computation are explained as follows. The evaluation index is expressed as R(Cropping, S, L, N). Here S represents the cropped data percentage and the threshold value of BER is set to r. According to Principle 1, the total embedded watermark bits are . From Principle 3 and Principle 4, the process of cropping images is randomly deleting certain number bits of watermark information. Based on principle 2, the operation of cropping S percentage of remote sensing image is equal to deleting S percentage of embedded watermark bits. To simplify the computation, the number of cropped watermark bits, denoted as D, is calculated as the expected value, which is . According to the BER calculation method and watermark synchronization, the watermark bit wm[i] will be properly extracted if any embedded watermark bits corresponding to i remain correct.
The auxiliary function
P(
L,
N,
D) is then introduced as the count of all enumerations of any watermark bit is not ruined totally when deleting
D watermark bits from watermark information length
L embedded over
N times.
Figure 7 illustrates an example belonging to the auxiliary function
P, and
Figure 8 shows an example not belonging to it as two watermark bits are totally cracked.
In
Figure 7, all the blocks represent extracted watermark bits, where the green one means that the remaining watermark bit has not changed after the attack. The red one represents the cropped bits. In this case, 30 bits have been cropped but watermark information can still be extracted correctly providing any column in the matrix has not been cropped totally. However, the situation in
Figure 8 does not belong to function
P as two watermark bits are both deleted, the watermark information extracted from this situation will lose the two bits permanently.
2.4.2. Computation of the Auxiliary Function
From the definition of auxiliary function
P, it is obvious that function
P cannot be calculated directly according to the accumulated counts when ruined watermark bits have increased from 1 to
L. This is because the circumstances have intersections. To count the permutations
P(L, N, D) without repetition and omission, the inclusion-exclusion principle of combinatorial mathematics is adopted. The inclusion-exclusion principle is expressed as follows. If there are sets
, the count of whole elements is calculated as:
where the symbol
represents the counts or cardinalities of the sets. By using the principle in auxiliary function
P, the sets containing
i-th watermark bit which has been ruined are denoted as
, then the function
P is:
represents the count of all the possible permutations when deleting
D watermark bits from
watermark bits. So
is calculated according to Equation (5). Specifically, the function
P (
L,
N,
D) is calculated as:
with
, the operation
rounds the value down to an integer.
2.4.3. Computation of Robustness Index
After the function
P has been introduced, the robustness index
R(
Cropping,
S,
L,
N) can be calculated in the theory. According to Equation (4), the formula of
Etotal is given as:
Esuc can then be calculated as the enumerations where ruined watermark bits are smaller than the threshold value
r with the help of auxiliary function
P. The number of minimum correct watermark bits (denoted as
X) is calculated by:
The operation
rounds the number up to an integer. By changing the count of correct watermark bits from
X to
L, the robustness index
R(
Cropping,
S,
L,
N) is calculated based on Equation (7):
Hence, the robustness index can be acquired based on the proposed formulae in numerical calculations.
4. Discussion
From the experimental results of the proposed model verification, it can be seen that as long as the watermarking algorithm is consistent with the fundamental principles, the algorithmic robustness against image cropping attack can be determined by the proposed model theoretically. According to the properties of the proposed model, the calculation process has no relationship to experimental data, and avoids the computational resource cost of experiments. Hence, it provides a theoretical method to evaluate the robustness against image cropping attack. In specific applications of watermarking remote sensing images, the model helps the copyright owner consider how much of the image may be cropped and decide the parameters of watermarking algorithms. Especially for the massive data providers, the theoretical calculation saves much energy and cost compared to practical experiments.
Further applicability improvements have also been made by the deduction experiments based on the proposed model. The relationships among robustness index, watermark information length and watermark repeat times have been investigated and revealed by these experiments. Thus, these enlightenments can be used to facilitate the design of watermarking algorithms which obey the proposed watermarking principles. For example, considering the fidelity requirement of remote sensing images, the total embedded watermark bits, which equals L × N, are strictly restricted. To increase the robustness against image cropping for existing watermarking algorithms, it is significant to increase N and decrease L without causing prominent distortions at the same time. Another example may be when watermarking remote sensing images in the form of big data. In this situation, larger L, which is necessary for copyright identification, will increase the complexity and the time of robustness computation. From the experimental results, smaller L can be used to reduce the computation time and provide the efficient method to accurately estimate the robustness.
Another potential application of the proposed model may be the promotion on research on robustness computation models against other kinds of attacks. The analysis of other image attacks needs further and detailed study, hence some views discussed here are incomplete. Generally, image attacks can be divided into two categories: content/pixel attacks and geometric transformation attacks. For example, the attacks of contents include filtering, JPEG compression (a standard created by the Joint Photographic Experts Group), noise addition and so on, while the attacks of geometric transformation include rotation, scaling, other affine transformations and so on. We note that the process of geometric attacks, as the compound of image geometric transformation and image contents resampling, seem to be more complicated in robustness analysis comparing with attacks purely on contents. Among the attacks mentioned above, the analysis principles of image cropping attack are simpler as watermark synchronization of the remaining part keep correct. Further study may be conducted on the basis of principles proposed in this paper and combined with the characteristics of various attacks.