Reversibility‐oriented secret image sharing mechanism with steganography and authentication based on code division multiplexing
2019; Institution of Engineering and Technology; Volume: 13; Issue: 9 Linguagem: Inglês
10.1049/iet-ipr.2018.5333
ISSN1751-9667
AutoresXiao‐Zhu Xie, Chin‐Chen Chang, Chia‐Chen Lin,
Tópico(s)Biometric Identification and Security
ResumoIET Image ProcessingVolume 13, Issue 9 p. 1411-1420 Research ArticleFree Access Reversibility-oriented secret image sharing mechanism with steganography and authentication based on code division multiplexing Xiao-Zhu Xie, Xiao-Zhu Xie Department of Information Engineering and Computer Science, Engineering Research Centre for Software Testing and Evaluation of Fujian Province, Xiamen University of Technology, Xiamen, 361024 People's Republic of China Department of Information Engineering and Computer Science, Feng Chia University, Taichung, 40724 TaiwanSearch for more papers by this authorChin-Chen Chang, Corresponding Author Chin-Chen Chang alan3c@gmail.com Department of Information Engineering and Computer Science, Feng Chia University, Taichung, 40724 TaiwanSearch for more papers by this authorChia-Chen Lin, Chia-Chen Lin Department of Computer Science and Information Management, Providence University, Taichung, 40724 TaiwanSearch for more papers by this author Xiao-Zhu Xie, Xiao-Zhu Xie Department of Information Engineering and Computer Science, Engineering Research Centre for Software Testing and Evaluation of Fujian Province, Xiamen University of Technology, Xiamen, 361024 People's Republic of China Department of Information Engineering and Computer Science, Feng Chia University, Taichung, 40724 TaiwanSearch for more papers by this authorChin-Chen Chang, Corresponding Author Chin-Chen Chang alan3c@gmail.com Department of Information Engineering and Computer Science, Feng Chia University, Taichung, 40724 TaiwanSearch for more papers by this authorChia-Chen Lin, Chia-Chen Lin Department of Computer Science and Information Management, Providence University, Taichung, 40724 TaiwanSearch for more papers by this author First published: 24 June 2019 https://doi.org/10.1049/iet-ipr.2018.5333Citations: 3AboutSectionsPDF ToolsRequest permissionExport citationAdd to favoritesTrack citation ShareShare Give accessShare full text accessShare full-text accessPlease review our Terms and Conditions of Use and check box below to share full-text version of article.I have read and accept the Wiley Online Library Terms and Conditions of UseShareable LinkUse the link below to share a full-text version of this article with your friends and colleagues. Learn more.Copy URL Share a linkShare onFacebookTwitterLinkedInRedditWechat Abstract In this study, the authors propose a secret image sharing scheme based on code division multiplexing. The secret data are decoded into n host images to generate n meaningful shares using n encoding codes. Any two of encoding codes are orthogonal to each other. If and only if with n shares together, the secret data can be retrieved successfully, and the host images can be recovered completely. The merits of the proposed scheme are summarised as follows: (i) the meaningful shares generated by the proposed scheme can successfully avoid suspicions by malicious attackers during transmission; (ii) the secret data can be losslessly retrieved and the host images can be recovered completely; (iii) the generated shares can be verified so that the forged shares can be detected; (iv) an arbitrary number of shares can be generated to meet the requirement of practical applications; and (v) moreover, n host images can be either identical or different. The experimental results and analyses show that the proposed scheme can provide high security and outperform state-of-the-art secret sharing schemes. 1 Introduction Secret sharing (SS) [1] refers to a technology that secret data are encoded into several shares which are distributed to a group of participants. If and only if more than a prescribed number of participants cooperate together, the secret data can be reconstructed accurately; otherwise, the secret data would not be leaked. Since the risk of leaking secret is diffused on a group of different participants, SS can provide strong information protection and gains attentions of many researchers. The SS scheme is customarily referred to as a threshold scheme, meaning that the secret data are encoded into n shares. After that, any or more out of n shares can reconstruct the secret data; on the contrary, any information on secret data cannot be accessed with less than k shares. The threshold scheme is first proposed in 1979 by Shamir [1], which is based on polynomial interpolation. In Shamir's scheme, a number D is divided into n shares according to a random polynomial , where , and the other coefficients are random numbers. Share is calculated by . Given any k shares of , the secret number D can be retrieved. Later on, Naor and Shamir extended the threshold scheme from the number domain to the image domain and proposed a scheme called visual cryptography (VC) [2]. In the VC, a binary image is divided into n transparent, meaningless image shares. The original image can be obtained when the stacked shares are equal to or more than k shares. Naor and Shamir's VC scheme [2] is a breakthrough in the field of visual SS (VSS); however, there exist several drawbacks: (i) it limits to binary images; (ii) the generated shares are meaningless; and (iii) pixel expansion occurs. Aiming at eliminating the drawbacks, many improved VSS schemes have been proposed [3-9]. Wu et al. [3] narrowed the range of share values by the quantisation technology, so as to avoid pixel expansion. Hou and Quan [4] proposed a pixel-unexpanded progressive VC by using two SS matrices. Schemes in both [5, 6] generated meaningful shares to reduce transmission risk. Kang et al. [7] presented a colour VC scheme which can be directly applied to colour images and the generated shares are meaningful. Schemes in [8, 9] provided verification capability to further enhance the security of secret data. However, none of these schemes can ideally solve the problems without involving other drawbacks. For example, Wu et al.'s scheme [3] cannot reconstruct the secret image completely; the meaningful shares in [5] look like the partial secret image and are easy to leak the secret information. As for Kang et al.'s scheme [7], each generated share has a much larger file size than the original image. He et al. [10] proposed a novel image sharing scheme based on steganography in 2017. The scheme in [10] first compressed the secret image by low complexity lossless compression for images compression, then generated n image shares which were derived from the compressed secret image based on polynomial interpolation, after that, the image shares were treated as the hidden data and embedded into n host images using least significant bit substitution. He et al.'s scheme overcomes the above-mentioned drawbacks by combining the SS mechanism and the data hiding mechanism. However, the host images cannot be recovered completely after the hidden data have been extracted. Lately, reversibility becomes further metrics in the field of VSS [11-14]. It refers that the host image can be recovered from shares after the secret data are extracted. In 2007, Chang et al. [11] proposed a (2, 2) secret image sharing scheme, in which secret data are hidden into one host image to generate two image shares under the guidance of a magic matrix. After the secret data are extracted with two shares, the host image can be recovered completely. The payload in [11] is 1 bpp and the shares maintain good ability with peak signal-to-noise ratio (PSNR) of 45 dB. Similarly, Lee and Huang [12] proposed a reversible secret image sharing scheme based on dual image shares using orientation combinations. Compared to the scheme in [11], Lee et al.'s scheme achieves a higher payload; meanwhile, a lower distortion. In 2016, a novel reversible (2, 2) secret image sharing scheme was proposed by Chang et al. [13], in which the payload is adjustable by changing the value of a control parameter . The payload in [13] increases significantly with the increment of and can achieve 3 bpp when is set to 6. A (t, n)-threshold reversible secret image sharing based on polynomial interpolation was proposed by Lin and Chan [14]. The maximum embedding rate (ER) of their scheme is bpp. However, schemes in [10-13] are restricted to two shares and do not provide a cheater detection mechanism. Although Lin et al.'s scheme expands to shares, cheater detection has not been included in their discussion. This paper proposes a lossless (n,n) secret image sharing scheme with cheater detection based on code division multiplexing (CDM), called CDM-based lossless (n,n)-secret image sharing (SIS) scheme for short. First, n rows (or columns) are chosen from the Walsh Hadamard matrix as encoding codes, any two of which are orthogonal to each other according to the property of the matrix. Second, the secret data are split into n equal pieces denoted as , each one of which is further divided into n equal sub-pieces . Third, one sub-piece is taken from each piece to form n sub-pieces, which are encoded into one host image to generate an image share. The other shares are generated in the same way. Furthermore, to prevent malicious cheater, an authentication code is encoded into each share. If and only if with n shares, the secret data can be extracted accurately and the host images can be recovered completely. It is worth noting that n host images can be either identical or different. The rest of this paper is organised as follows. Section 2 gives a brief description of preliminaries including Walsh Hadamard matrix, CDM and CDM-based reversible data hiding (RDH). The proposed scheme is depicted in detail in Section 3, followed by the experimental results and analyses in Section 4. Finally, a brief conclusion is given in Section 5. 2 Preliminaries 2.1 Walsh Hadamard matrix A Walsh Hadamard matrix is a specific square matrix with entries of 1 and −1, the dimension of some power of 2 and the property that any two different rows (or columns) are orthogonal to each other (namely the dot product of which is zero.). For instance, let be a row or a column in the Walsh Hadamard matrix, then it satisfies and . The orthogonality property eliminates the interference between different signals and enables them to share a single communication channel, the principle of which will be depicted in detail in the following section. The generation of the Hadamard matrix can be recursively formulated as follows (the lowest dimension is 2): In general (1)where and denotes the Kronecker product. 2.2 Code division multiplexing CDM is a technology which allows multiple users to share a single communication channel; in other words, multiple data signals are combined for simultaneous transmission over a common frequency band [15]. To eliminate the interference between multiple signals, CDM employs the spectrum spreading technology and a special coding scheme, where each signal is encoded using an encoding code. Specifically, CDM exploits the properties of orthogonality between two different rows (or columns) from Hadamard matrix and employs each row (or column) as an encoding code. Let a vector, say V, be an encoding code for one user, then V and −V represent the binary bits ‘1’ and ‘0’, respectively. Assume that and the to-be-transmitted data are , then the symbols would be (2)for better describing the algorithm, the binary bit ‘0’ is encoded into ‘−1’ so as to conduct the Kronecker product during the encoding procedure. An example of CDM encoding is given, as shown in Example 1. Suppose that there are two senders, say Sender 1 and Sender 2, transmitting data simultaneously in one channel. Sender 1, assigned an encoding code , wishes to transmit data . Sender 2, assigned an encoding code , wishes to transmit data . As expected, and are orthogonal, namely . The encoding procedure can be described as follows: Step 1: Encode the to-be-transmitted data: ‘1’ keeps unchanged and ‘0’ is encoded into ‘−1’. Take as an example, which is encoded into . Step 2: Conduct the operation of Kronecker product on the encoding code and the data to form the signal of each user, say and . As shown in Example 1, and are calculated to be (1, −1, 1, −1, −1, 1, −1, 1) and (−1, 1, 1, −1, 1, −1, −1, 1), respectively. Step 3: Add and to obtain the combined signal (0, 0, 2, −2, 0, 0, −2, 2). At the decoding phase, the signal is first segmented according to the pattern of encoding code. In the example demonstrated above, four numbers are treated as a pattern. Then, dot product operation is conducted on each pattern and the encoding code to obtain the data. The sign of the resulting value indicates the secret bit. Take Sender1 as an example. The signal is first segmented into and . Then, the dot product is performed on the signal and the encoding code , namely , resulting in with the meaning of data . Example 1.CDM encoding Step 0: Initialise Sender 1 is assigned , . Sender 2 is assigned , . Step 1: Encode data Step 2: Encode signal Step 3: Combine signal 2.3 CDM-based RDH A CDM-based RDH scheme proposed by Ma and Shi [16] is depicted briefly in this section. Interested readers can see [16] for a better understanding. 2.3.1 Data embedding Let be the secret data, which are encoded into according to (3). Orthogonal encoding codes are chosen from the Hadamard matrix. Carrier vectors selected from adjacent pixels of host image are referred to as . A positive integer is predefined as the gain factor. Then, the multi-level embedding algorithm can be formulated as (4), which means k bits are embedded into one carrier vector (3) (4)To extract the embedded bits accurately and achieve location map free, Ma et al. further categorised the embedding procedure into three cases as follows: Case 1: If , is evaluated embeddable, so one secret bit of is embedded into . Case 2: If , is evaluated un-embeddable. In this light, a pseudo bit ‘1’ is embedded. Case 3: If , is evaluated un-embeddable. In this light, a pseudo bit ‘−1’ is embedded. 2.3.2 Data extraction and image recovery The ith embedded bit can be extracted by conducting the operation of cross-correlation between and the encoding code , as shown in the equation below: (5)Since the encoding codes are mutually orthogonal, (5) can be reduced to the equation below: (6)The data extraction procedure is categorised into three cases corresponding to different cases indicated in the data embedding procedure: Case 1: , which indicates the condition . Then, we know one secret bit is embedded in the data embedding procedure. To go further, if , is obtained; on the other hand, namely , is obtained. Therefore, the embedded bit can be determined by the sign of . That is, . Case 2: , which indicates the condition . Then, we know a pseudo bit ‘1’ is embedded in the data embedding procedure. In this light, a pseudo bit ‘1’ is extracted and discarded. Case 3: , which indicates the condition . Then, we know a pseudo bit ‘−1’ is embedded in the data embedding procedure. In this light, a pseudo bit ‘−1’ is extracted and discarded. After all the embedded bits are extracted, the image can be recovered by the equation below: (7) 3 Proposed CDM-based lossless (n,n) SIS scheme In this section, we propose a lossless (n,n)secret image sharing scheme based on CDM with cheater detection feature, in whichone dealer and n participants are involved. Different fromCDM-based RDH mentioned above, the proposed scheme regards the encoding codes asprivate keys distributed to participants. Only n participants worktogether, the secret data can be retrieved accurately. Before going into details,the definitions of some terms are first given as below: Host image: An original image which secret data areembedded into. Encoding code: A vector which is used to encode thesecret data into the host image. Authentication code: One or more bits which are embeddedinto host images for cheater detection. As shown in Fig. 1, given the secretdata, n host images and n encoding codesCi's, the sender who is responsible forgenerating shares first embed the secret data into n host images togenerate n shares using the encoding codesCi's. After that, each encoding code and the authentication code are embedded into the respective share using atraditional RDH method called histogram shifting (HS) [17], resulting in n sharesSi's which are distributed to nparticipants Pi's. The generation of authenticationcodes will be described in the following section. At the stage of secret dataretrieval and host images recovery, when gathering n sharestogether, the dealer who is responsible for reconstructing secret data firstretrieves Ci's and ACi'sfrom the shares using HS scheme, then extracts sub-secret using the encoding code tocompute the authentication code 's, compared the extracted and the computed to verify the received shares. If all receivedshares are verified to be genuine, secret data can be retrieved accurately and thehost images can be recovered losslessly. Otherwise, if there exit one or more fakeshares, the data extraction procedure is terminated. Note that nhost images can be either identical or different. Fig. 1Open in figure viewerPowerPoint Flowchart of the proposed scheme The details of shares construction, secret data retrieval and the host images recovery are depicted in the following sections. Note that the proposed scheme is applicable to both grey-scale and colour images. For an easier explanation and better understanding, the images presented in this paper are grey scaled in default. The colour image is considered as a collection of three grey-scale images, say, red channel, green channel and blue channel. Then, each channel is treated as a grey-scale image and generates a respective share. Finally, three shares compose the final colour share. 3.1 Shares construction Fig. 2 shows the flowchart of shares construction. Tofurther enhance the security of the proposed scheme, the secret dataB are permuted with a random key at first. Then, thepermuted secret data are divided into n pieces 's, each of which is further divided inton sub-pieces 's, where . After that, one sub-piece is taken fromeach piece, resulting in n sub-pieces and encode them into onehost image using the respective encoding codes 's, so as to generate a share, in which thecorresponding and are embedded using HS scheme to generatethe final share . Take as an example (8) where represents the encoding operation. Fig. 2Open in figure viewerPowerPoint Flowchart of shares construction More details of the construction are shown in Algorithm 1 (see Fig. 3). As we can see, given the permuted secret data B, n host images 's, n encoding codes 's, n authentication codes 's and a gain factor , the dealer first encodes B to obtain , which are then split into n × n sub-pieces denoted as . Then each host image is divided into non-overlapping blocks to form the carrier vectors , where l is the length of , and means ‘the largest integer (9)smaller than or equal to’. Moreover, then we embed every n bits into carrier vector , the algorithm of which can be formulated as (9), where is a to-be-embedded bit from . Take as an example. Get 1 bit from the first sub-pieces of each piece, resulting in n bits and encode them into the carrier vector using the respective encoding codes 's according to the first equation in (9). The other shares are generated by embedding bits of the follow-up sub-pieces in the same way. Noting that not all the vectors are suitable for embedding, for those unsuitable, we embed a pseudo bit as mentioned in Section 2.3. For better understanding, let represent the to-be-embedded bit. The value of can be determined in three cases as follows: Case 1: If , namely the carrier vector is embeddable, get one bit from , namely . Fig. 3Open in figure viewerPowerPoint Algorithm 1: Shares construction Case 2: If , namely the carrier vector is un-embeddable, embed a pseudo bit ‘1’, which means . Case 3: If , namely the carrier vector is un-embeddable, embed a pseudo bit ‘−1’, which means . After all the secret data are embedded, we concatenate the stego 's to form the entire share . Finally, embed each encoding code and into respective share using the HS scheme. We briefly depict the embedding procedure of the HS scheme as below, interested readers can see [17] for more details. First, generate the histogram of share , then find one peak point and one zero point, which are denoted as . In the end, the embedding algorithm can be formulated as (10) in the case of (10)Herein, and p represent the marked pixel value and the original one, respectively. w is a to-be-embedded bit from and . In the case of , HS is similarly implemented. 3.2 Secret data retrieval and host images recovery For easier explanation, we suppose that n shares are verified to be genuine, then the dealer who is responsible for secret data construction can retrieve the secret data and further recover the host images. The detailed procedure of cheater detection will be described in the following section. As shown in Fig. 4, n participants 's share their shares together, from which n encoding codes are extracted first using the HS scheme. Then, conduct the decoding function on each encoding code and n shares to obtain partial secret data . After all the 's are extracted, integrate them to form the entire secret data. Please see Algorithm 2 (see Fig. 5) for details (11) (12) (13) Fig. 4Open in figure viewerPowerPoint Flowchart of secret data retrieval Fig. 5Open in figure viewerPowerPoint Algorithm 2: Secret data retrieval and image recovery 3.3 Example illustration An example of shares construction is given in Example 2. Suppose that a to-be-embedded secretstream (1,0,1,0,1,0, 0,0,1) is embedded into three host vectors , and to generate three shares using threeorthogonal encoding codes , and . The gain factor is set to 2. First, the secret stream isencoded into (1, −1, 1, −1, 1, −1, −1, −1, 1) according to (3), and then split into three pieces(1, −1, 1), (−1, 1, −1) and (−1, −1, 1), which are encoded into three hostimages using , and , respectively. Second, we calculate and , where . For instance, (14) The calculation results are shown in Example 2. Then accordingto rules described in Section 3.1, the vectors are determined embeddable orun-embeddable. That is, we have and which inform that we can embed one secretbit into using and , respectively; On the other hand, since , we embed a pseudo ‘−1’ into using . Thus, the share is generated bycalculating . Shares and are generated in the same way. An example of retrieving secret data and recovering the host image is given in Example 3 as well. Given the share and three encoding codes (15) (16) (17)and is known as 2. First, calculate and , the results of which are shown in Example 3. Then, and are obtained, thus secret bit ‘1’ and ‘−1’ are extracted according to the extraction function . Since , a pseudo bit ‘−1’ is extracted and discarded. After the secret bits are extracted, the host vector can be recovered by calculating . 3.4 Prevention of overflow/underflow The overflow/underflow problem may happen during the embedding process. Preprocess formulated as (18) is done to the original pixel to prevent such problem, where represents the preprocessed pixel. However, pixels belong to ranges and are confused to determine whether they are original pixels or the modified ones. Therefore, an indicator is used to identify confusing pixels. We use ‘1’ and ‘0’ to indicate the original and the modified pixels, respectively. During the shares construction, the indicators are embedded into the shares as part of the secret data and used to help recover the host images at the stage of host images recovery (18) Example 2.Shares construction Step 0: Initialise Secret data: (1, 0, 1, 0, 1, 0, 0, 0, 1); . Three encoding codes: , and . Three host vectors: , and . Step 1: Encode the secret data and split into three pieces 1, 0, 1, 0, 1, 0, 0, 0, 1)→(1, −1, 1, −1, 1, −1, −1, −1, 1)→(1, −1, 1), (−1, 1, −1), (−1, −1, 1). Step 2: Calculate and Step 3: Determine the embedding bits. Step 4: Generate shares Example 3.Secret data retrieval and host image recovery Step 0: Initialise Three encoding codes: , and . Step 1: Calculate and Step 2: Extract the embedded secret bits. Step 3: Recover vector 3.5 Cheater detection At the phase of share construction, the dealer generates one authentication code for each share according to the equation below: (19)where is a hash function MD5, consists of , namely the partial secret data which are embedded into share . As depicted in Section 3.1, each is embedded into the corresponding share during the procedure of share construction. At the stage of secret data retrieval, when the dealer obtains n shares, he/she first extracts one and one from each share using the HS scheme. Then decode share to obtain partial secret data by n encoding codes. After that, compute according to (19). If the extracted authentication code is the same as the computed one , the share is verified to be genuine; otherwise, be fake. If all the shares are verified to be genuine, the dealer can retrieve the secret data and further recover the host images as described in the above section. Otherwise, the cheater participant is required to retransmit the share. 4 Experimental results and analyses In this section, some experiments and analyses are made to demonstrate the performance of the proposed scheme. 4.1 Identical and different host images’ simulation results To demonstrate the performance of the proposed scheme, several simulation results were conducted in this paper. Test images are shown in Fig. 6. As mentioned in the previous section, the host images can be identical as well as different. Simulation results of both situations are given in Figs. 7 and 8. For a more intuitive presentation, we use the secret image as secret data, as shown in Fig. 6a. Denote the secret image as , which is first converted into a binary stream , where and are the width and the height of , respectively. For further security, we permute the binary stream B using a random key before being encoded into shares. The details of binary converting are described as below. Fig. 6Open in figure viewerPowerPoint Test images (a) Secret image with a size of , (b)–(d) host images with a size of Fig. 7Open in figure viewerPowerPoint SS using identical host images (, ) (a)–(c) Three shares with the size of , with PSNR of 45.57 dB, (d) Reconstructed secret image with (a)–(c) shares Fig. 8Open in figure viewerPowerPoint SS using different host images (, ) (a)–(c) Three shares with the size of , with PSNRs of 45.57, 45.19 and 45.77 dB, (d) Reconstructed secret image with (a)–(c) shares Denote as the pixel value of as the eight bits of , where and . The conversion between the pixel value and its bit plane follows the equations below: (20) (21)Fig. 7 shows the experimental results of SS using identical host images. The secrete image with a size of (see Fig. 6a) is encoded into one identical host image with a size of (see Fig. 6b) using three encoding codes , and , so as to generate three shares, as shown in Figs. 7a–c. Three shares are the same size as the host image, namely , and with PSNR of 45.57 dB. With three shares, the secret image can be reconstructed accurately (see Figs. 7d) and the host image can be recovered losslessly. Owing to the limitation of figure size, we omit to show the recovered host image. Fig. 8 gives the experimental results using indifferent host images. The secret image (see Fig. 6a) is encoded into three host images (see Figs. 6b–d) to generate three shares (see Figs. 8a–c). The three shares keep high quality with the PSNRs of 45.57, 45.19 and 45.77 dB, respectively. With three shares, the dealer can reconstruct the secret image accurately (see Fig. 8d) and recover the host images losslessly. Moreover, the ER of each share is controlled by the gain factor , the bigger , the larger the ER is. The maximum ER approaches 1 bpp when increases to a certain value. Moreover, the share images keep high quality with a significant ER. As shown in Figs. 7 and 8, the PSNR is higher than 45 dB when the ER is 0.17 bpp. The ER is calculated as the equation below: (22)where L is the length of embedding bits; n is the number of shares; and W and H are the width and the height of host images, respectively. Apparently, the total payload is the sum of embedding capacity of n shares, that is, . As we can see, the total payload is unlimited as n increases. Therefore, the proposed scheme can meet the requirements of different sizes of secret data. Even there is a large amount of secret data, we can handle it by generating more shares. 4.2 Security analysis The security threats of the SS scheme mainly comes from the following aspects: (i) the generated share is intercepted or destroyed during the transmission by malicious attackers; (ii) dishonest holders try to extract the secret data using less than the predetermined shares; and (iii) one cheater intends to defraud the secret data using a fake share. We analyse the security of the prop
Referência(s)