A New Approach to the Secret Image Sharing with Steganography and Authentication

A new approach to the secret image sharing with steganography and authentication

C-C Wua, M-S Hwang*b and S-J Kaoa aDepartment of Computer Science and Engineering, National Chung Hsing University, No. 250, Kuo Kuang Road, Taichung 402, Taiwan bDepartment of Management Information Systems, National Chung Hsing University, No. 250, Kuo Kuang Road, Taichung 402, Taiwan

Abstract: Steganography can be viewed as cryptography. It includes a variety of secret communication methods that embed the existence of the message and makes it appear invisible. Both of them have been used to protect secret information. In 2004, Lin and Tsai proposed a novel secret image sharing method that was based on the (k, n)-threshold scheme with the additional capabilities of steganography and authentication. They protect a secret image by breaking it into n user-selected ordinary camouflage images. Besides, their methods also embed fragile watermark signals into the camouflage images by using parity bit checking. Recently, Yang et al. have shown three weaknesses in Lin–Tsai’s scheme and further proposed improvements in 2007. They not only improve authentication ability and image quality of stego- image, but also introduce a lossless version image sharing scheme for secret image. Unfortunately, there is a common drawback in Lin–Tsai’s and Yang et al.’s scheme: The enlargement size of the camouflage images and stego-images is 4 times of the secret image. However, the proposed scheme does only require 3.5 times enlargement. In addition, the experimental result of image quality analyzing shows that the proposed scheme has better image quality than other methods. In other words, the proposed scheme not only can save storage space but also enhances the image quality.

Keywords: cryptography, fragile watermark, secret image sharing, steganography

1 INTRODUCTION media types such as image, video, audio, and plain text present. Along with the quick development of Internet, it is In addition to traditional cryptography, image very convenient to publish and transmit digitized sharing is a steganography technique for protecting data via Internet. Besides, the information security secret image from being eavesdropped on electro- becomes a very important issue nowadays. Most of nically. The usage of secret image sharing in the information security issues could be used by steganography is very popular in the last several steganography and cryptography1 technologies. decades. There are several cryptography and stega- Steganography is usually applied in various digital nography technologies to deal with it, but there is no complete solution to solve this problem. One of the best is the theory of secret sharing scheme, which was . originally invented by Shamir in 1979.2,3 Shamir’s * Corresponding author: Min-Shiang Hwang, Department of secret sharing method is a threshold scheme based on Management Information Systems, National Chung Hsing University, No. 250, Kuo Kuang Road, Taichung 402, Taiwan; Lagrange’s polynomial interpolation. A secret shar- email: [email protected] ing scheme is a mean for n participants carry shares

IMAG 017 # RPS 2009 DOI: The Imaging Science Journal Vol 57

The Imaging Science Journal ims017.3d 21/11/08 22:13:41 The Charlesworth Group, Wakefield +44(0)1924 369598 - Rev 7.51n/W (Jan 20 2003) 2 C-C WU, M-S HWANG AND S-J KAO. ;

or parts si of a secret message s, where i is one to n. authentication. The second one is deterioration The basic idea is to split a secret message s into n quality of stego-image. The third one is non-lossless shares, such that for any k shares determine the secret image scheme for secret image. In 2007, Yang message s, where k(n and k is used as a threshold. et al. showed the three weaknesses and further The scheme can be defined as follow: proposed improvements. There are three improvements on those weaknesses: The first is to use a hash 1. Given any k or more out of n shares, it is easy to function with the secret key K to prevent dishonest reconstruct a given secret s. participant; the second is to rearrange the nine bits 2. If a dishonest participant has only knowledge of into the (262)-sized square block-wise to minimize any k21 or fewer shares, then there is no the distortion of stego-image; the third is to use the information about the secret s can be determined. power-of-two Galois Field GF (28) instead of prime Typically, such a method is called a (k, n)-threshold Galois Field GF (251) to recovery the lossless secret 10 secret sharing scheme. Secret sharing refers to any image from stego-images. However, the size of method for distributing a secret s among a group of n camouflage images and stego-images will be participants, each of which is allocated a share of the expanded to meet the requirement of the scheme. secret. The goal of the scheme is to divide s into n pieces Also, it is a common problem of most steganography which are to be shared by n individual participants. The methods used for embedding secret data in camou- 1,9,11,12 secret s can only be reconstructed when at least k shares flage images. Therefore, it is the purpose of are combined together; individual shares are of no use this study to reduce the enlargement of stego-images on their own and should give no information whatever and maintain the capability of image authentication. about the secret. The remainder of this paper is organized as follows. The succeeding studies focus on enhancing the In Section 2, we will describe Lin and Tsai secret image security of the keys in cipher systems.4–6 In 2002, sharing scheme and Yang et al.’s improvements. The Thien and Lin7 proposed a (k, n)-threshold secret details of the proposed scheme are described in Section image sharing scheme that produces smaller noise- 3. Section 4 gives the experimental results. Finally, we like shadow images. Secret image can be shared by briefly conclude the paper in Section 5. several shadow images in their scheme. The size of each generated shadow image is only 1/k of that of the secret image for convenient transmission, storage, 2 RELATED WORKS and hiding. The secret image sharing can be required the following properties: Related technique and two secret image sharing techniques are to be briefly introduced in this section. 1. The secret image s is used to generate n shadow The first one, optimal least-significant-bit substitu- images. tion (LSB) method is briefly reviewed in Section 2.1. 2. Given any k or more out of n shadow images, it is The second one, secret image sharing scheme easy to reconstruct the secret image s. proposed by Lin and Tsai is introduced in Section 3. Any k21 or fewer shadow images, there is no 2.2. The last one, improved scheme proposed by information about the secret image s can be revealed. Yang et al. is also described in Section 2.3. In order to identify and manage the shadow images in convenient they also develop another user-friendly 2.1 Optimal LSB method image sharing method such that the stego-images The simple LSB substitution method with optimal 8 look like ordinary image in 2003. pixel adjustment process (OPAP), called the optimal The usage of secret image sharing in steganography LSB method, was proposed by Chan and Cheng in 9 is very popular. In 2004, Lin and Tsai proposed a 2004.13 The basic idea of optimal LSB method is to novel secret image sharing scheme that was based on minimize the distortion by adding or subtracting a 2m 2,3 the (k, n)-threshold scheme with the additional factor from the embedded pixel, where m is the capabilities of steganography and authentication. number of embedded bits. By applying an OPAP, the However, Lin–Tsai’s scheme has three weaknesses absolute error is from 0(|d|(2m21 reduced to that pointed out by Yang et al. recently. The first one 0(|d|(2m21, where d is an error between pixels in is the problem of dishonest participant for image the camouflage image and in the stego-image. The

The Imaging Science Journal Vol 57 IMAG 017 # RPS 2009

The Imaging Science Journal ims017.3d 21/11/08 22:13:41 The Charlesworth Group, Wakefield +44(0)1924 369598 - Rev 7.51n/W (Jan 20 2003) NEW APPROACH TO SECRET IMAGE SHARING 3

1 The representation of the 4 pixels in each 262block 2 The result of applying Lin–Tsai’s secret image shar-

Bi ing scheme to block Bi distortion of the stego-image can be greatly reduced. Step 2. Take the integer value si9 from secret image S. In other words, the stego-image quality can be greatly Step 3. Take the integer value xi from each of the improved. The simple LSB method and the optimal camouflage images block Bi. LSB method had been investigated and described in Step 4. For each xi, compute the integer value of our early study.14 For more details about this F(xi) by equation (2) to form a secret share. method, the reader also can refer to Ref. 13. Step 5. Hide the F(xi) value into each camouflage image block Bi. 2.2 Review of Lin–Tsai’s scheme Step 6. Embed the fragile watermark15,16 signal bit p in each block B . Lin–Tsai’s scheme is based on the (k, n)-threshold i i Step 7. Repeat Steps 1–6 until all pixel of the secret secret image sharing scheme2 proposed by Shamir. image is processed. They assume that the secret data s is a pixel value i Figure 2 displays the result of applying Lin–Tsai’s from m6m secret image S, which is to be shared by n secret image sharing scheme with a pixel s as the participants. It is to be divided into m6m sections. i secret to block B , where p is a signal used for parity They suppose n user-selected ordinary camouflage i i bit checking. images for a group of n participants, of which the size is 2m62m. Each of them is to be divided into 262 blocks 2.3 Review of Yang et al.’s improved scheme (denoted as Bi). The four pixels in each block Bi is to be denoted as X , W , V ,andU . The following four 10 i i i i Yang et al. rearrange n integer values xi, n secret parameters, x , w , v ,andu , are their binary values, i i i i shares Fi and n hash bits bi to improvement of the respectively. An illustration of the locations of the stego-images quality. The secret shares Fi and hash pixels value in each block B is shown in Fig. 1. i bits bi are divided and embedded equally among in s Because of the secret data i is between 0 and 255, each block Bi. Furthermore, the eight bits (xi8xi7x- they let the prime number p to be equal to 251 which xi8xi7xi6xi5xi4xi3)2 and (vi4vi3)2 in each block are to is the greatest prime number. Furthermore, they combine to form an integer values xi, where choose the value xi from n camouflage images, and 1(im6m. The integer values can be computed by randomly choose a1,…,ak–1 from a uniform following equations: distribution over the integer value in [0, 251). Any ~ xi ½(xi8xi7xi6xi5xi4xi3xi2xi1)2AND 11111100(2) secret pixel si in secret image larger than 250 is 2 z½(vi8vi7vi6vi5vi4vi3vi2vi1) AND 00001100(2)=2 modified to 250 to form si9 by following equation: 2 s for s 250 ~ i if (xi8xi7xi6xi5xi4xi3vi4vi3)2 (3) s’i~ (1) 250 for s w250 i Yang et al. also confirm that dishonest partici- where 1(i(m6m. pants’ problem in Lin–Tsai’s scheme. To prevent Hence, the (k–1)-degree polynomial can be defined dishonest participants from malicious modifications as the following: and enhance authentication ability, the hash function 1 k{1 F(xi)~(s’iza1|xi z ...zak{1|xi ) mod 251 (2) with secret key K, HK(?), block index Bid and stego- image identification I is used to compute the hash where s is a secret data chosen from secret image, x id i i bit b for each stego-block B 9. The one bit keyed-hash is a pixel value chosen from camouflage images, and i i message authentication code (HMAC) b can be a ,…,a are randomly numbered. i 1 k21 computed by equation (4). The following steps are Lin–Tsai’s secret image b ~XORfg H ½(B’ {w )kB kI (4) sharing scheme: i K i i3 id id

Step 1. Choose a set of k21 randomly integer where (Bi92wi3) are 31 bits without a bit wi3 from the numbers for using as the ai. stego-block Bi9, Bid is a block index, Bidg[1, m6m],

IMAG 017 # RPS 2009 The Imaging Science Journal Vol 57

The Imaging Science Journal ims017.3d 21/11/08 22:13:42 The Charlesworth Group, Wakefield +44(0)1924 369598 - Rev 7.51n/W (Jan 20 2003) 4 C-C WU, M-S HWANG AND S-J KAO. ;

Iid is a stego-image identification, Iidg[1, n], HK(?)is a standard FIPS198 HMAC17 hash function with secret key K, and the Exclusive-OR operator symbol, XOR, means the binary operation on each bit. The secret pixel values in Lin–Tsai’s scheme greater 3 The result of applying Yang et al.’s secret image than 250 are modified to 250. In order to construct a sharing scheme to block Bi lossless version image sharing scheme for secret ( ( image, Yang et al. use the power-of-two Galois where 1 i m6m, and operator symbol, AND,is Field GF (28),10,18 instead of prime Galois Field GF referred to as the bitwise binary operation. Figure 3 (251). Hence, the improved (k21)-degree polynomial shows the result of applying Yang et al.’s secret can be defined as the following: image sharing scheme with a single image pixel si as 1 k{1 8 the secret to block Bi,whereFi1, Fi2, Fi3, Fi4, Fi5, F(xi)~(siza1|xi z ...zak{1|xi ) mod GF (2 ) Fi6, Fi7,andFi8 are binary format of secret share Fi (5) and bi is a hash bit computed by equation (4) used * where si is a secret data chosen from secret image, xi is a for authentication. Finally, n stego-images I with value chosen from camouflage images, and a1,…,ak21 2m62m size are obtained until all pixel of the secret are randomly numbered. The value of xi, si,anda1,…, image is processed. ak21 is between 0 to 255. Any secret pixels xi larger than 250 is no need to distort in secret image. For each unique value Xi, compute the integer value of F(xi)by 3 THE PROPOSED SCHEME equation (5) to form a secret share, respectively. Each pair of (xi, F(xi)) is a secret share of secret si. Suppose that we want to share the secret image S into

After that, n secret shares Fi and n hash bits bi are n user-selected ordinary camouﬂage images for a embed into four pixels Xi, Wi, Vi,andUi of each block group of n participants. The secret image S can be 8 Bi by simple LSB embedding method to form Bi0, recovered, only when k or more stego-images are respectively. The result of Xi9, Wi0, Vi0,andUi9 in each collected. We can use (k, n)-threshold secret image block Bi0 can be computed by following equations: sharing scheme to solve it, where k(n. ~ (Fi8Fi7)2 6 3.1 Secret image sharing procedure ½(Fi8Fi7Fi6Fi5Fi4Fi3Fi2Fi1)2AND 11000000(2)=2 ~ In the proposed scheme, the secret image S is to be (Fi6Fi5)2 divided into (m6m)/2 non-overlap sections. We 4 ½(Fi8Fi7Fi6Fi5Fi4Fi3Fi2Fi1)2AND 00110000(2)=2 assume that the secret data si9 is combined with two ~ integer pixels value s and s z chosen from m6m (Fi4Fi3)2 j j 1 secret image S, where 1(i((m6m)/2 and j526i21. 2 ½(Fi8Fi7Fi6Fi5Fi4Fi3Fi2Fi1) AND 00001100(2)=2 8 2 The value of si is equal to sj62 zsjz1, which is ~ (Fi2Fi1)2 shown in Fig. 4. Also, we assume n camouﬂage images for a group ½(Fi8Fi7Fi6Fi5Fi4Fi3Fi2Fi1) AND 00000011(2) 2 of n participants, of which the size is 1.75m62m. ~ X’i ½(xi8xi7xi6xi5xi4xi3xi2xi1)2AND 11111100(2) Each of them is to be divided into 167 blocks z B B (Fi8Fi7)2 (denoted as i). The seven pixels in each block i is to ~ be denoted as Xi, Ti, Ui, Vi, Wi, Yi, and Zi. The W’i ½(wi8wi7wi6wi5wi4wi3wi2wi1)2AND 11111000(2) following seven parameters, xi, ti, ui, vi, wi, yi, and zi, z (Fi6Fi5)2 are their binary values, respectively. An illustration of ~ V’’i ½(vi8vi7vi6vi5vi4vi3vi2vi1)2AND 11111100(2) z (Fi4Fi3)2 ~ U’i ½(ui8ui7ui6ui5ui4ui3ui2ui1)2AND11111100(2) z (Fi2Fi1)2 4 The secret data si9 is combined with sj and sjz1 from ’ 2 W’’i~Wi zbi|2 (6) secret image

The Imaging Science Journal Vol 57 IMAG 017 # RPS 2009

The Imaging Science Journal ims017.3d 21/11/08 22:13:43 The Charlesworth Group, Wakefield +44(0)1924 369598 - Rev 7.51n/W (Jan 20 2003) NEW APPROACH TO SECRET IMAGE SHARING 5

5 The representation of the 7 pixels in each in each 167 blocks Bi the locations of the pixels value in each block Bi is where 1(i((m6m)/2 and operator symbol, AND,is shown in Fig. 5. referred to as the bitwise binary operation.

Because the secret data si9 is between 0 and 65 535, In order to enhance the image quality of the stego- we let the prime number p be equal to 65 521 which is image, the optimal LSB method proposed by Chan and 13,14 the greatest prime number. Any secret data si9 larger Cheng is adopted in our scheme. After applying the than 65 520 is modified by following equation: OPAP to minimize the embedding error, the six pixels s’i if s’if65520 (Ti9, Ui9, Vi9, Wi9, Yi9,andZi9) will be modified to Ti0, s’’ ~ (7) i 8 Ui0, Vi0, Wi0, Yi0,andZi0,respectively. (sj{1)|2 zsjz1 if s’iw65520 where 1(i((m6m)/2 and j526i21. The keyed-HMAC proposed by Yang et al. is also adopted in our scheme so as to achieve higher levels Furthermore, we chose the value x (denoted as xi) of authentication ability. The one bit authentication form n camouflage images, and randomly chose a1, code, b , can be computed by equation (10). …, a from the integer value in (0, 65521]. i k21 ~ { Hence, the (k21)-degree polynomial can be defined bi XORfg HK½(B’’i ti2)kBidkIid (10) as the following: where (Bi02ti2) are 55 bits without a bit ti2 from the 1 k{1 g F(xi)~(s’’iza1|xi z ...zak{1|xi )mod 65521 stego-block Bi0, Bid is a block index, Bid [1, m6m], g (8) Iid is a stego-image identification, Iid [1, n], HK(?)is a standard FIPS198 HMAC17 hash function with where si0 is combined with two integer pixels value secret key K, and the Exclusive-OR operator symbol, chosen from secret image, xi is a pixel value chosen XOR, means the binary operation on each bit. from camouflage images, a1,…,ak21 are randomly numbered, and the modulo operation symbol, mod, After computing the one bit authentication code, bi 8 means the remainder after integer division. is embedded into stego-block Bi0 by simple LSB embedding method. The result of Ti90 in each stego- For each unique value Xi, compute the integer block Bi0 can be computed by following equation: value of F(xi) by equation (8) to form a secret share T’’’ ~T’’ zb |21 (11) F(xi), respectively. Each pair of (xi, F(xi)) is a secret i i i share of secret si0. After that, n secret shares Fi and n where 1(i((m6m)/2. Figure 6 displays the result of hash bits bi are embed into seven pixels Xi, Ti, Ui, Vi, applying the proposed secret image sharing scheme W , Y , and Z of each block B by simple LSB8 i i i i with si0 as the secret to block Bi, where Fi1, Fi2,…,Fi16 embedding method to form B 9, respectively. The i are binary format of secret share Fi and bi is a hash bit result of Xi, Ti9, Ui9, Vi9, Wi9, Yi9, and Zi9 in each computed by equation (10) used for authentication. block Bi9 can be computed by following equations: The steps will repeat until all pixels value of the ~ z T’i ½(ti8ti7ti6ti5ti4ti3ti2ti1)2AND 11111110(2) (Fi16)2 secret image is processed. Finally, n stego-images are ~ obtained which embeds a share of the secret image. U’i ½(ui8ui7ui6ui5ui4ui3ui2ui1)2AND 11111000(2)

z(Fi15Fi14Fi13) 2 3.2 Authentication and secret image recovery ~ V’i ½(vi8vi7vi6vi5vi4vi3vi2vi1)2AND 11111000(2) procedure z (Fi12Fi11Fi10)2 The following algorithm is our proposed secret image ~ authentication and recovery procedure. For any k out W’i ½(wi8wi7wi6wi5wi4wi3wi2wi1)2AND 11111000(2) of n stego-images, k secret shares F and k hash bits b z i i (Fi9Fi8Fi7)2 are extracted from six pixels (Ti90, Ui0, Vi0, Wi0, Yi0, ~ Y’i ½(yi8yi7yi6yi5yi4yi3yi2yi1)2AND 11111000(2) and Zi0) of each stego-block Bi90 by simple LSB 14 z extraction method, respectively. (Fi6Fi5Fi4)2 In authentication stage, the one bit authentication Z’i~½(zi8zi7zi6zi5zi4zi3zi2zi1) AND 11111000(2) 2 code, bi, is extracted in each stego-block Bi90 by z (Fi3Fi2Fi1)2 (9) following equation:

IMAG 017 # RPS 2009 The Imaging Science Journal Vol 57

The Imaging Science Journal ims017.3d 21/11/08 22:13:44 The Charlesworth Group, Wakefield +44(0)1924 369598 - Rev 7.51n/W (Jan 20 2003) 6 C-C WU, M-S HWANG AND S-J KAO. ;

6 The result of applying the proposed secret image sharing scheme to block Bi

~ 1 bi ½(ti8ti7ti6ti5ti4ti3biFi16)2 AND 00000010(2)=2 (12) the Lagrange’s polynomial interpolation theorem. Two integer pixels value s and s z in each secret where 1(i((m6m)/2. Any illegal stego-image will j j 1 data si9 can be obtained by following equations: fail in authentication stage. The attackers and the 8 s z ~s’ mod 2 dishonest participants can be detected by verifying j 1 i 8 and computing one bit authentication code by sj~(s’i{sjz1)=2 equation (10) because they without knowing the where 1(i((m6m)/2 and j526i21. secret key k. That is to say, the secret image recovery The steps will repeat until all stego-images are procedure is interrupted if any illegal stego-image is processed. Finally, the secret image is obtained by found. Otherwise, the secret image is recovered from compose all pixel value s and s z . k or more valid stego-images, which were authenti- j j 1 cated in authentication stage. In recovery stage, k authentic stego-images are 4 EXPREIMENTAL RESULTS divided into 0.25m62m non-overlapping 167 blocks, denoted as Bi90, where i51to(m6m)/2. The experiment process and analysis are performed Next, k integer values Xi and k secret share Fi in each on the platform Pentium IV 3.0 GHz CPU, 512 MB stego-block Bi90 can be computed and extracted by memory, and Windows XP Professional system. The following equations: program is developed by Java programming lan- ~ xi ½(xi8xi7xi6xi5xi4xi3xi2xi1)2 guage. The image process software is Adobe ~ Photoshop 6.0. (Fi16)2 (ti8ti7ti6ti5ti4ti3biFi16)2AND 00000001(2) The eleven standard greyscale test images (General ~ (Fi15Fi14Fi13)2 Test Pattern, Chemical Plant, House, Clock, Tree,

(ui8ui7ui6ui5ui4Fi15Fi14Fi13)2AND 00000111(2) Zelda, Airplane, Baboon, Lena, Pepper, and Sailboat) were extracted from USC-SIPI Image (F F F ) ~ i12 i11 i10 2 Database.19 To compare the performance of our (vi8vi7vi6vi5vi4Fi12Fi11Fi10)2AND 00000111(2) algorithm with Lin–Tsai and Yang et al.’s methods, ~ some experiments have made on these images. (Fi9Fi8Fi7)2 Suppose six secret images are ‘General Test (wi8wi7wi6wi5wi4Fi9Fi8Fi7)2 AND 00000111(2) Pattern’, ‘Chemical Plant’, ‘House’, ‘Clock’, ‘Tree’, ~ (Fi6Fi5Fi4)2 and ‘Zelda’ with 2566256 pixels, as shown in Fig. 7a–f respectively. Five 5126512 and five (yi8yi7yi6yi5yi4Fi6Fi5Fi4) AND 00000111(2) 2 4486512 pixels images; ‘Airplane’, ‘Baboon’, ~ (Fi3Fi2Fi1)2 ‘Lena’, ‘Pepper’, and ‘Sailboat’ are used as the camouflage images. Each of these camouflage images (zi8zi7zi6zi5zi4Fi3Fi2Fi1)2AND 00000111(2) is shown in Figs. 8 and 9 respectively. ~ | 15z | 12 Fi (Fi16)2 2 (Fi15Fi14Fi13)2 2 In this section, we confirm some experimental z | 9z | 6 results of the proposed scheme. The first experiment (Fi12Fi11Fi10)2 2 (Fi9Fi8Fi7)2 2 is to evaluate the image quality of the stego-image z | 3z ~ (Fi6Fi5Fi4)2 2 (Fi3Fi2Fi1)2 among Lin–Tsai’s scheme, Yang et al.’s scheme, and

(Fi16Fi15Fi14Fi13Fi12Fi11Fi10Fi9Fi8Fi7Fi6Fi5Fi4Fi3Fi2Fi1)2 the proposed scheme. The mean square error (MSE) and the peak signal-to-noise ratio (PSNR) are used to (13) compare image quality. where 1(i((m6m)/2 and operator symbol, AND,is Tables 1–3 present the image size comparison. The referred to as the bitwise binary operation. unit is kBytes. According to Tables 1–3, it is obvious

Collect at least k integer values Xi and k secret to ﬁnd that the proposed scheme has less image size share Fi, the secret data si9 can be obtained by using than other schemes.

The Imaging Science Journal Vol 57 IMAG 017 # RPS 2009

The Imaging Science Journal ims017.3d 21/11/08 22:13:45 The Charlesworth Group, Wakefield +44(0)1924 369598 - Rev 7.51n/W (Jan 20 2003) NEW APPROACH TO SECRET IMAGE SHARING 7

abc

def 7 The 2566256 secret images: (a) General Test Pattern; (b) Chemical Plant; (c) House; (d) Clock; (e) Tree; (f) Zelda

abc

de 8 The 5126512 camouﬂage images: (a) Airplane; (b) Baboon; (c) Lena; (d) Pepper; (e) Sailboat

IMAG 017 # RPS 2009 The Imaging Science Journal Vol 57

The Imaging Science Journal ims017.3d 21/11/08 22:13:46 The Charlesworth Group, Wakefield +44(0)1924 369598 - Rev 7.51n/W (Jan 20 2003) 8 C-C WU, M-S HWANG AND S-J KAO. ;

abc

de 9 The 4486512 camouﬂage images: (a) Airplane; (b) Baboon; (c) Lena; (d) Pepper; (e) Sailboat

Table 1 The image size comparisons in (2, 3)-threshold (unit: kB)

Secret image Stego-image Lin–Tasi’s scheme Yang et al.’s scheme Our scheme

General test pattern Airplane 256 256 224 64 Baboon 256 256 224 Lena 256 256 224 Total size 768 768 672 Chemical plant Airplane 256 256 224 64 Baboon 256 256 224 Lena 256 256 224 Total size 768 768 672

Table 2 The image size comparisons in (2, 4)-threshold (unit: kB)

Secret image Stego-image Lin–Tasi’s scheme Yang et al.’s scheme Our scheme

House Airplane 256 256 224 64 Baboon 256 256 224 Lena 256 256 224 Pepper 256 256 224 Total size 1024 1024 896 Clock Airplane 256 256 224 64 Baboon 256 256 224 Lena 256 256 224 Pepper 256 256 224 Total size 1024 1024 896

The Imaging Science Journal Vol 57 IMAG 017 # RPS 2009

The Imaging Science Journal ims017.3d 21/11/08 22:13:53 The Charlesworth Group, Wakefield +44(0)1924 369598 - Rev 7.51n/W (Jan 20 2003) NEW APPROACH TO SECRET IMAGE SHARING 9

Table 3 The image size comparisons in (2, 5)-threshold (unit: kB)

Secret image Stego-image Lin–Tasi’s scheme Yang et al.’s scheme Our scheme

Tree Airplane 256 256 224 64 Baboon 256 256 224 Lena 256 256 224 Pepper 256 256 224 Sailboat 256 256 224 Total size 1280 1280 1120 Zelda Airplane 256 256 224 64 Baboon 256 256 224 Lena 256 256 224 Pepper 256 256 224 Sailboat 256 256 224 Total size 1280 1280 1120

Table 4 The image quality comparisons in (2, 3)-threshold (The unit of PSNR is dB)

Lin–Tasi’s scheme Yang et al.’s scheme Our scheme

Secret Image Stego-Image MSE PSNR MSE PSNR MSE PSNR

General test pattern Airplane 7.78 39.22 4.53 41.57 4.15 41.95 Baboon 7.88 39.16 4.58 41.52 4.14 41.96 Lena 7.85 39.18 4.56 41.54 4.14 41.96 Average value 7.84 39.19 4.56 41.54 4.14 41.96 Chemical plant Airplane 7.78 39.22 4.48 41.62 4.13 41.97 Baboon 7.90 39.15 4.55 41.55 4.14 41.96 Lena 7.89 39.16 4.55 41.56 4.15 41.95 Average value 7.86 39.18 4.53 41.57 4.14 41.96

Table 5 The image quality comparisons in (2, 4)-threshold (The unit of PSNR is dB)

Lin–Tasi’s scheme Yang et al.’s scheme Our scheme

Secret image Stego-image MSE PSNR MSE PSNR MSE PSNR

House Airplane 7.80 39.21 4.52 41.58 4.14 41.96 Baboon 7.86 39.17 4.58 41.52 4.15 41.96 Lena 7.84 39.19 4.58 41.53 4.15 41.95 Pepper 7.87 39.17 4.60 41.51 4.16 41.94 Average value 7.85 39.18 4.57 41.53 4.15 41.95 Clock Airplane 7.79 39.21 4.48 41.62 4.15 41.95 Baboon 7.85 39.18 4.55 41.55 4.15 41.95 Lena 7.85 39.18 4.54 41.56 4.15 41.95 Pepper 7.87 39.17 4.56 41.55 4.14 41.97 Average value 7.84 39.19 4.53 41.57 4.15 41.95

Table 6 The image quality comparisons in (2, 5)-threshold (The unit of PSNR is dB)

Lin–Tasi’s Scheme Yang et al.’s scheme Our scheme

Secret image Stego-image MSE PSNR MSE PSNR MSE PSNR

Tree Airplane 7.79 39.21 4.46 41.64 4.15 41.95 Baboon 7.91 39.15 4.54 41.56 4.15 41.95 Lena 7.86 39.18 4.53 41.57 4.14 41.96 Pepper 7.86 39.18 4.56 41.55 4.14 41.96 Sailboat 7.95 39.13 4.62 41.48 4.14 41.97 Average value 7.87 39.17 4.54 41.56 4.14 41.96 Zelda Airplane 7.79 39.21 4.48 41.62 4.15 41.95 Baboon 7.88 39.17 4.55 41.55 4.16 41.94 Lena 7.85 39.18 4.54 41.56 4.15 41.95 Pepper 7.89 39.16 4.55 41.55 4.14 41.96 Sailboat 7.93 39.14 4.63 41.47 4.14 41.96 Average value 7.87 39.17 4.55 41.55 4.15 41.95

IMAG 017 # RPS 2009 The Imaging Science Journal Vol 57

The Imaging Science Journal ims017.3d 21/11/08 22:13:58 The Charlesworth Group, Wakefield +44(0)1924 369598 - Rev 7.51n/W (Jan 20 2003) 10 C-C WU, M-S HWANG AND S-J KAO. ;

abc 10 The 5126512 stego-images by applying Lin–Tsai’s scheme: (a) PSNR539.22 dB; (b) PSNR539.16 dB; (c) PSNR539.18 dB

Also, Tables 4–6 present the proposed scheme with the proposed scheme can apply for (k, n)-threshold comparisons to other schemes’ image quality. The scheme, where k(n. unit of PSNR is dB. The bigger the PSNR value, the In the next experiment, the image quality of better the image quality. According to Tables 4–6, it recovered secret images was evaluated among Lin– can find that the proposed scheme has better image Tsai’s scheme, Yang et al.’s scheme, and the proposed quality than other schemes. scheme. Table 7 presents the image quality of To illustrate this, there is an example with a (2, 3)- recovered secret images. The unit of PSNR is dB. threshold scheme is used here. The image ‘General According to Table 7, it shows that the quality of our Test Pattern’ as shown in Fig. 7a with the size of recovery results is almost lossless. 2566256 is used as the secret image. Three 5126512 and three 4486512 pixels images; ‘Airplane’, ‘Baboon’, and ‘Lena’ are used as the camouflage 5 CONCLUSIONS images. After embedding the secret image and authentication code into the camouflage images, The major difference between the proposed scheme Figs. 10 and 11 show the results by applying Lin– and other schemes is that we share two secret integer Tsai’s scheme and Yang et al.’s scheme. Our results pixels value from secret image into 167 blocks at a are also shown in Fig. 12a–c, respectively. In general, time. So the size of each camouflage images is only 7/

abc 11 The 5126512 stego-images by applying Yang et al.’s scheme: (a) PSNR541.57 dB; (b) PSNR541.52 dB; (c) PSNR541.54 dB

The Imaging Science Journal Vol 57 IMAG 017 # RPS 2009

The Imaging Science Journal ims017.3d 21/11/08 22:14:00 The Charlesworth Group, Wakefield +44(0)1924 369598 - Rev 7.51n/W (Jan 20 2003) NEW APPROACH TO SECRET IMAGE SHARING 11

abc 12 The 4486512 stego-images by applying our proposed scheme: (a) PSNR541.95 dB; (b) PSNR541.96 dB; (c) PSNR541.96 dB

Table 7 The image quality comparisons (The unit of PSNR is dB)

Lin–Tasi’s scheme Yang et al.’s scheme Our scheme

Recovered secret image MSE PSNR MSE PSNR MSE PSNR

General test pattern 1.3788 46.7358 0.0000 ‘ 0.0231 64.5001 Chemical plant 0.1024 58.0290 0.0000 ‘ 0.0019 75.2919 House 0.0000 ‘ 0.0000 ‘ 0.0000 ‘ Clock 0.0000 ‘ 0.0000 ‘ 0.0000 ‘ Tree 0.0000 ‘ 0.0000 ‘ 0.0000 ‘ Zelda 0.0000 ‘ 0.0000 ‘ 0.0000 ‘ Average value 0.2469 – 0.0000 – 0.0042 –

2(53.5) of that of the secret image. In Lin–Tsai’s scheme is better than others. However, the common scheme and Yang et al.’s scheme, the enlargement of problem is that all of these stego-images cannot recover to the stego-images size is 4 times that of the secret original camouﬂage images state. Further studies will image which is a drawback. Therefore, our study propose a lossless image sharing scheme for stego-images. improves this disadvantage and implements it. Our scheme is only 3.5 times larger. In other words, our ACKNOWLEDGEMENTS scheme can make total image sizes at its lowest. It is not only convenient for storage but also efﬁcient for The authors are appreciated to the anonymous transmission. Furthermore, the simple LSB substitu- reviewers, Professor Hsien-Chu Wu, and Nan-I Wu, tion with an OPAP (optimal LSB method) proposed for their comments on an earlier version of this paper. by Chan and Cheng is adopted in our scheme. For The comments and advices of they concerning our this reason, the proposed scheme has better image manuscript were extremely helpful to us in preparing a quality compared with Lin–Tsai’s scheme and Yang clearer version. Also, this work was supported in part et al.’s scheme. The keyed-HMAC proposed by Yang by Taiwan Information Security Center (TWISC), et al. is also adopted in the proposed scheme to deal National Science Council under the Grants NSC 96- with the problem of dishonest participant. In general, 2219-E-001-001, and NSC 96-2219-E-009-013. the proposed scheme can achieve lossless version for secret image by replacing the prime (65521) with Galois Field GF (216) in equation (8). REFERENCES Experimental results can be explained well. We 1 Hsu, C. T. and Wu, J. L. Hidden digital watermarks in conclude from the experiment described above that our images. IEEE Trans. Image Process., 1999, 8, 58–68.

IMAG 017 # RPS 2009 The Imaging Science Journal Vol 57

The Imaging Science Journal ims017.3d 21/11/08 22:14:06 The Charlesworth Group, Wakefield +44(0)1924 369598 - Rev 7.51n/W (Jan 20 2003) 12 C-C WU, M-S HWANG AND S-J KAO. ;

2 Shamir, A. How to share a secret. Commun. ACM, 12 Wu, D. C. and Tsai, W. H. Embedding of any type of 1979, 22, 612–613. data in images based on a human visual model and 3 Naor, M. and Shamir, A. Visual cryptography. Lect. multiple-based number conversion. Patt. Recogn. Lett., Notes Comp. Sci., 1995, 950, 1–12. 1999, 20, 1511–1517. 4 Beimel, A. and Chor, B. Universally ideal secret sharing 13 Chan, C. K. and Cheng, L.-M. Hiding data in images by schemes. IEEE Trans. Inform. Theory, 1994, 40, 786– simple lsb substitution. Patt. Recogn., 2004, 37, 469– 794. 474. 5 Stinson, D. R. Decomposition constructions for secret- 14 Wu, N. I. and Hwang, M. S. Data hiding: Current sharing schemes. IEEE Trans. Inform. Theory, 1994, status and key issues. Int. J. Network Secur., 2007, 4,1– 40, 118–125. 9. 6 Beimel, A. and Chor, B. Secret sharing with public 15 Lin, E. T. and Delp, E. J. A review of fragile image reconstruction. IEEE Trans. Inform. Theory, 1998, 44, watermarks, Proc. Int. Conf. on Multimedia and 1187–1896. security workshop: ACM Multimedia ’99, Orlando, 7 Thien, C. C. and Lin, J. C. Secret image sharing. FL, USA, October 1999, ACM, Vol. 1, pp. 25–29. Comput. Graph. UK, 2002, 26, 765–770. 16 Feng, J. B., Lin I. C., Tsai, C. S. and Chu, Y. P. 8 Thien, C. C. and Lin, J. C. An image-sharing method Reversible watermarking: Current status and key issues. with user-friendly shadow images. IEEE Trans. Circuits Int. J. Network Secur., 2006, 2, 161–170. Syst. Video Technol., 2003, 13, 1161–1169. 17 Stallings, W. Cryptography and network security: 9 Lin, C. C. and Tsai, W. H. Secret image sharing with Principles and practice, 2003, 3rd edition, (Prentice steganography and authentication. J. Syst. Softw., 2004, Hall, Upper Saddle River, NJ). 73, 405–414. 18 Wang, R. Z. and Su, C. H. Secret image sharing with 10 Yang, C. N., Chen, T. S., Yu, K. H. and Wang, C. C. smaller shadow images. Patt. Recogn. Lett., 2006, 27, Improvements of image sharing with steganography 551–555. and authentication. J. Syst. Softw., 2007, 80, 1070–1076. 19 Weber, A. G. The USC-SIPI image database. Version 5. 11 Kundur, D. and Hatzinakos, D. Proc. Int. IEEE, 1999, USC-SIPI report no. 315, University of Southern 87, 1167–1180. California, 1997.

The Imaging Science Journal Vol 57 IMAG 017 # RPS 2009

The Imaging Science Journal ims017.3d 21/11/08 22:14:11 The Charlesworth Group, Wakefield +44(0)1924 369598 - Rev 7.51n/W (Jan 20 2003) Authors Queries

Journal: The Imaging Science Journal Paper: 017 Title: A new approach to the secret image sharing with steganography and authentication

Dear Author During the preparation of your manuscript for publication, the questions listed below have arisen. Please attend to these matters and return this form with your proof. Many thanks for your assistance

Query Query Remarks Reference

1 Author: Please confirm the run- ning head.

The Imaging Science Journal ims017.3d 21/11/08 22:14:11 The Charlesworth Group, Wakefield +44(0)1924 369598 - Rev 7.51n/W (Jan 20 2003)