Algorithm Testing Overview

To find out how resistant our implemented watermarking algorithms are to attacks we devised a testing scheme that covers all common and malicious attacks. It is the point of testing to show in what ways certain watermarks are weaker than others. There is currently no watermark resistant to all image transformation attacks. It is important to prioritize these attacks from common to the most malicious. It is our hope that the implemented watermarking algorithms will be at least resistant to the most common of attacks. Complete watermark security is a goal that is currently unachievable and we are looking for about an 20% watermark recovery. A corollary of this is that a watermarkingmethod must first of all be robust against those transformations used by legalusers of the image. If watermark stands up against common attacks it is then important to concentrate on the various complex attacks that malicious attackers might employ. However, this is pointless if the method is not properly resistant to image edits made by either the original owner or valid users of the image. We state that, roughly in order of importance, a watermarking method must handle:

· Scaling, especially (filtered) down-sampling.
· GIF and JPEG compression. (Color quantization, and lossy compression.)
· Simple brightness, contrast, or gamma adjustment.
· Border cropping.

Some of the malicious attacks listed below:

Image modification attacks. These use image transformations such as those isted above.


Bit-level attacks. If the attacker has access to a watermark presence detector, the contents and location of the watermark can be derived. This also makes it much easier to remove a watermark.


Watermark-insertion attacks. If the attacker has access to a watermark
insertion device, and the watermarking process is not a one-way function,
it is possible to recover the original, unwatermarked image, by pre-distorting
the copy, and rewatermarking it.

Statistical averaging attacks. The attacker uses multiple watermarked images to estimate the watermark, and then subtracts this from the image. This is especially a problem with video.

Scrambling attacks. By inserting a scrambler before the watermark
detector, and a de-scrambler after it, detection of the watermarking can be
avoided.

Editing watermarked images in Photoshop will do some of the testing but majority
of the testing will be done using test software called Stirmark. Stirmark is a tool
developed to test the robustness of image marking systems. Stirmark resamples an
image that has undergone minor geometric distortion. It can be applied to photographic digital images and it will distort the watermark of too simplistic marking techniques such that the embedded watermark or steganographic message cannot any more be detected and decoded from the result image. The authors report that this attack defeats the majority of commercial image marking products tested.

Correlations of attacked watermarked images with that of original watermarked
image will be evaluated and it is the purpose of our testing to look for a strong
correlation, say of 20%.