History

The roots of watermarking are considered to be in the study of

“Steganography”. The word comes from the old Greek language and can be
translated as “cover writing”. Steganography was basically a way of
transmitting hidden (secret) messages between allies, being used as early
as 1000 B.C. First references to steganography appear in Homer’s “Iliad”
and “Histories of Herodotus”(440 B.C.)

Definition
Generally by watermarking one is hiding a message signal into a
host signal, without any perceptual distortion of the host signal. As the
word “watermarking” suggests, the mark itself is “transparent” or
unnoticeable for the human perception system. Usually, the host signal is a
digital media, like audio, video or images. As we all know, the Human Visual
System (HVS), is far from being perfect and for images/video it is possible
to modify the pixel values without the watermark being visible. Providing
that a certain HVS threshold is not exceeded, the modified (watermarked)
image/video will be undistinguishable to the human eye compared with the
original.

Applications of digital watermarking

The main application of digital watermarking is in copyright
protection. The owner of the image/video adds a watermark to his material
before it is distributed. In this way is possible to track illegal copies of
the copyrighted material.
Possible applications are:
- Broadcast monitoring of video sequences (digital TV)
- DVD protection and access control
- Database retrieval
- Robust identification of digital content

Classification of watermarks
Excluding the obvious case of visible watermarks, we can classify
the watermarks as FRAGILE or ROBUST. The fragile watermark is used
for detecting even the smallest alteration of an image, while the robust one
 is specially designed to withstand a wide range of “attacks”, which basically
are trying to remove the watermark, but without destroying the
image/video.
 Uncompressed data

 Bit-stream marking
Invisible
Visible
(Logos, Paper Watermarks)
Robust
Fragile
Types of watermarks
Fingerprints, Labels
Watermarks

A watermark can be added to the uncompressed data (raw data),

such as a standard uncompressed video sequence as described by ITU-R
601, or can be added to the compressed bit-stream (MPEG2).
 Non Perceptual

 Perceptual – VIP – Video Independent, Perceptual

 – VDP – Video Dependent, Perceptual
Type of marking
SPATIAL DOMAIN
FREQUENCY DOMAIN
DCT
DWT
FFT

The easiest (simplest) way to watermark an image/video, is to

change directly the values of the pixels, in the spatial domain. A more
advanced way to do it, is to insert the watermark in the frequency domain,
using one of the well known transforms: FFT, DCT or DWT. Other
techniques are possible as well, like using fractals for example.
The watermark embedding can be done uniformly (or in some other
empirical manner), which doesn’t account for the HVS properties (this is
called non-perceptual marking). Or, the watermarking embedding can use
some HVS models in order to optimise the embedding. Depending on the
HVS model used, the perceptual marking can be video independent (basic
HVS model) or preferably video dependent (advanced HVS model).

The Watermarking System

 1. The watermark embedding: the original video is watermarked with a
binary sequence of 64 data-bits, using a secret key, resulting the
watermarked video.
Watermark
Embedding
011011101010
Watermark Data Bits
(min. 64 bits)
Original Frames
Marked Frames
Secret Key
Marking

2. The watermarked video is now in the distribution channel.

Distribution Channel
 Here one could try to attack the watermark, in order to destroy it.
For example, a pirate who wants to breach the intellectual property rights
of the real owner, has all the interest to “remove” the watermark. In this
case the attacks are intentional. It is important to mention here, that the
intentional attacks must not alter too much the video sequence, because
the attacker still wants to use it, and a bad quality video sequence is
worthless. Some examples of intentional attacks are: the geometric
attacks, frame dropping, collusion, etc.
A different class of attacks are those qualified as unintentional,
for example those caused by typical processing in the video chain and
during transmission of the video signal.
3. Finally, the watermarking retrieval, which is the most difficult part of
the system, has to recover the watermark.
Marked Frames
(attacked)
Retrieving
011011101010
Watermark Data Bits
Secret Key
Watermark
Retrieving