The Data Daily

Digital Image Watermarking Techniques: A Review

Digital Image Watermarking Techniques: A Review

Digital Image Watermarking Techniques: A Review
Department of Computer Science and Engineering, Mawlana Bhashani Science and Technology University, Tangail-1902, Bangladesh
Department of Computer Science and Engineering, Jahangirnagar University, Savar, Dhaka-1342, Bangladesh
Author to whom correspondence should be addressed.
Information 2020, 11(2), 110; https://doi.org/10.3390/info11020110
Received: 11 January 2020 / Revised: 31 January 2020 / Accepted: 13 February 2020 / Published: 17 February 2020
(This article belongs to the Section Review )
Cite This Paper
Digital image authentication is an extremely significant concern for the digital revolution, as it is easy to tamper with any image. In the last few decades, it has been an urgent concern for researchers to ensure the authenticity of digital images. Based on the desired applications, several suitable watermarking techniques have been developed to mitigate this concern. However, it is tough to achieve a watermarking system that is simultaneously robust and secure. This paper gives details of standard watermarking system frameworks and lists some standard requirements that are used in designing watermarking techniques for several distinct applications. The current trends of digital image watermarking techniques are also reviewed in order to find the state-of-the-art methods and their limitations. Some conventional attacks are discussed, and future research directions are given.
1. Introduction
Image processing and the internet have made it easier to duplicate, modify, reproduce, and distribute digital images at low cost and with approximately immediate delivery without any degradation of quality. Network technology has been developing and progressing so quickly that it threatens the privacy and security of data. Therefore, content authentication, copyright protection, and protection against duplication play an essential role in facing the challenges of the existing and upcoming threats in maintaining digital information. Digital image watermarking is simply the digital watermarking of an image, which provides an alternative solution for ensuring tamper-resistance, the ownership of intellectual property, and reinforcing the security of multimedia documents. Any digital content, such as images, audio, and videos, can hide data. Digital content can easily be illegally possessed, duplicated, and distributed through a physical transmission medium during communications, information processing, and data storage. Digital image watermarking is a technique in which watermark data is embedded into a multimedia product and, later, is extracted from or detected in the watermarked product. These methods ensure tamper-resistance, authentication, content verification, and integration of the image [ 1 ]. It is not very easy to eliminate a watermark by displaying or converting the watermarked data into other file formats. Therefore, after an attack, it is possible to obtain information about the transformation from the watermark. To discern the difference between digital watermarking and other technologies such as encryption is essential [ 2 ]. Digital-to-analog conversion, compression, file format changes, re-encryption, and decryption can also be survived through digital image watermarking techniques. These tasks make it an alternative (or complementary) to cryptography. The information is embedded in the content and cannot be removed by normal usage [ 3 ].
The word “steganography” is derived from the Greek word “steganos.” This technique conceals communication and changes an image such that only the sender and the intended receiver can identify the sent message. This technique makes detection a more difficult task. Instead of encrypting messages, steganography can be used to hide them in other inoffensive-looking objects, so their existence is not discovered and, therefore, can be used as an alternative tool for privacy and security. However, due to the rapid proliferation of internet and computer networks, steganography can be used as a tool for exchanging information and planning terrorist attacks [ 3 ]. Steganography hides the existence of a cover image, while a watermarking technique embeds a message into the actual content of the digital signal within the signal itself. Therefore, an eavesdropper cannot remove or replace a message to obtain an output message. To protect content from unauthorized access, embedding information into the original image is essential. Digital image watermarking is imperceptible and hard to remove by unauthorized persons. The technique has been implemented by various algorithms using the spatial and frequency domains, each having their distinct benefits and boundaries. The contributions of this research are as follows:
We identify the limitations of existing watermarking techniques;
We present the current trends of image watermarking techniques;
We investigate the techniques that meet some of the requirements of image watermarking techniques perfectly;
We point out the challenges that must be addressed by future researchers.
In this paper, the framework of general watermarking methods, separated into the processes of embedding and extracting watermarks, along with a general background, is shortly revised in the first section. Some standard design requirements for evaluating the performance of watermarking systems are listed in the following subsections. Related applications that make watermarking systems a highly focused research area are also described. Based on the working domain, a survey of digital image watermarking techniques is subsequently presented. Then, a summary of the research results of the discussed state-of-the-art methods and current trends in the field is described in tabular format. Next, we list some conventional attacks or threats which must be treated as a challenge for designing an efficient system. Performance metrics, such as peak-signal-to-noise ratio (PSNR), structural similarity index (SSIM), mean squared error (MSE), and normalized cross-correlation (NCC), are also briefly described. Finally, the last section concludes the study.
2. Image Watermarking Backgrounds and Frameworks
At present, digital content can be spread easily through communication channels due to the rapid rise of global computer networks, the internet, and multimedia systems. To protect digital information against illegal possession, duplication, manipulation, usage, and distribution through physical transmission media during communications, information processing, and data storage, digital image watermarking makes it possible to construct a platform for researchers by considering it as a research area.
Paper watermarks began as early in 1282 and, therefore, digital watermarking techniques have been improved by integrating paper configuration, quality, and quantity considerations. Watermarking has been used broadly for enhancing security [ 4 ]. The computerized technology of digital watermarking appeared in 1988, providing confidentiality, integrity, and availability, and various innovations regarding digital image watermarking have been incorporated since 1995. In watermarking techniques, a symbol of owner authenticity (watermark) is embedded into the host signal and, later, this watermark data can be extracted. The watermark data, which may be visible or invisible, can contain a single bit, a set of binary data, or a number of samples in the host signal [ 5 ].
To imitate the human visual perception system, information entropy plays an essential role in the digital image watermarking scheme. To achieve an optimal balance between imperceptibility, robustness, and capacity of a digital image watermarking technology, information entropy can be used through a Just Noticeable Difference (JND) model [ 6 ]. Information entropy can be defined in terms of masking effect and can be utilized to determine the positions at which the data are inserted. This scenario minimizes perceptual distortion and gives better robustness and good imperceptibility. The entropy of a system with n states can be defined by the following equations [ 7 ]:
Information Entropy,
where Pi denotes the probability of occurrence for the event i.
For the secured communication of a message, the process begins with a cover image (host image). The host image can be considered purely as noise, noise with side information, or as a multimedia message that must be transmitted. The watermarked data passes through a communication channel, which may be lossy, noisy, or unreliable. Hence, the watermarked data may suffer from possible attacks, including lossy compression, geometric distortion, signal processing operations, and signal conversion, among others; that is, there may be a difference between the original watermarked data and the received data [ 8 ]. A watermarked image passes through a communication channel, which incurs noise. This noise maximizes the information entropy [ 9 ], which increases the uncertainty or ambiguity of the average information contained in an image. Watermarking techniques can, thus, only be applied to high-resolution and complex-patterned images that have higher information entropy. Therefore, to improve security, the encoded image must be processed such that the image reconstruction will be robust. A new optical image encoding method obtains the encoded image by a random-phase encoding technique in both the input and the Fourier planes [ 10 ], in which the two random phase plates at the input and the Fourier planes are replaced by two deformable mirrors, respectively. Thus, the system can achieve arbitrary beam shaping in the amplitude and phase information of the image [ 11 ].
For a secure communication model, the digital image watermarking process consists of a watermark embedding part and a watermark extraction part. In the watermark embedding part, at first, the cover image is pre-processed, and then, its entropy is evaluated to find the integrating capacity information of the image. Then, using an optical image encoding method, the encoder embeds a watermark image into the high entropy value of the host image by using a secret key. Then, the system achieves the amplitude and phase shaping information of a laser beam and generates the watermarked image. The watermark embedding part is depicted in Figure 1 a. Finally, in the watermark extraction step, the watermarked image is pre-processed. After that, the system extracts the amplitude and phase shaping information of the laser beam patterns. Then, the entropy of these beam patterns is evaluated. A high entropy value is selected for extracting the watermark, in order to ensure better robustness and imperceptibility. A decoder detects the watermark image as output from the watermarked image using the same key, as depicted in Figure 1 b. The system demonstrates that image reconstruction of the watermark image from the watermarked image is simple, robust, and imperceptible.
The watermark embedding process generates a watermarked image, DW, which can be described by the following function:
3. Design Requirements of Image Watermarking System
Digital image watermarking techniques add a watermark into multimedia data to ensure authenticity and to protecting a copyright holder from the unauthorized manipulation of their data [ 12 ]. Hence, it is necessary to define the requirements or characteristics of a watermarking system, which are listed in the following subsections. Figure 2 illustrates the requirements of watermarking techniques. Based on applications, these requirements evaluate the performance of watermarking systems.
3.1. Imperceptibility
Imperceptibility is key in evaluating the performance of a watermarking system. It is represented by invisibility and fidelity. In this case, the watermarked image must appear the same as the original image. They should be perceptually indistinguishable to humans, despite a minor degradation in brightness or image contrast. Thus, the image quality must not be affected. There are different methods for evaluating the imperceptibility of a watermarking system. Yang et al. [ 13 ] have proposed a new method based on the masking features of the human visual system. Their proposed method, Masking-based Peak Signal to Noise Ratio (MPSNR), performed better in evaluating the imperceptibility of watermarking systems. Their experimental results showed that higher masking strength provides less quality degradation in the watermarked image. For improving watermark imperceptibility, larger singular values are selected for inserting the watermark image, based on watermark capacity [ 14 ]. In this regard, the structural similarity index (SSIM) is used to evaluate watermark imperceptibility. The quality of the watermarked image may be lost due to the watermark embedding process. However, in invisible watermarking, it is often unnoticeable by the human visual system. High peak-signal-to-noise ratio (PSNR) results imply better imperceptibility. The best watermarking techniques ensure better imperceptibility, meaning that they generate no visual difference between the host image and the watermarked image. One method [ 15 ] selects the best region of the cover image for watermark insertion to achieve better imperceptibility. A visible watermark in an image is sometimes preferred [ 16 ]. However, invisible watermarking systems are more popular. Imperceptibility may be used in digital imaging, telemedicine, digital documents, and so on.
3.2. Robustness
Robustness is the requirement that a watermark is able to be detected after some common signal processing manipulation operations in digital image watermarking systems have been applied. These operations include spatial filtering, color mapping, scanning and printing, lossy compression, scaling, translation, and rotation. They also include other operations, such as analog to digital (A/D) conversions, digital to analog (D/A) conversions, image enhancement, cutting, and so on [ 2 ]. There exist several general approaches to achieving high robustness, such as redundant embedding, spread spectrum, and embedding watermarks, among others. Therefore, a good digital image watermarking system should be robust against various attacks, such that unauthorized distributors cannot remove or exclude watermark data. Depending on the application, not all watermarking algorithms may have robustness at the same level. Some are robust against different image processing operations, while some fail against other attacks [ 17 ]. Therefore, robustness can be classified into robust, fragile, and semi-fragile.

Robust: A robust watermark prevents various noisy attacks, as well as geometric or non-geometric attacks, without altering the watermark data. The watermark remains the same even after some attacks and provides authorization by detecting the watermark [ 18 ]. This watermark is used in such areas as copyright protection, broadcast monitoring, copy control, and fingerprinting [ 16 ].

Fragile: Fragile watermarks are mainly used for integrity verification and content authentication of multimedia data where signature information can be added. This watermark validates whether it has been tampered or not [ 16 ]. A fragile technique is typically easier to implement than a robust one [ 19 ]. In [ 20 ], binary authentication information was inserted into the host image where, for identifying tampering and localization, a pixel-based fragile watermarking technique was used. It resulted in an acceptable visual effect (in terms of the human eye).

Semi-fragile: This type of watermark resists some transformations but fails after malicious transformations. A semi-fragile watermark can be used for image authentication [ 21 ].
An all phase bi-orthogonal transform (APBT) and Singular Value Decomposition (SVD)-based algorithm has been proposed [ 22 ] to achieve better robustness and imperceptibility of the watermarking system, where the block-based APBT algorithm is applied in a certain neighborhood obtained by selected candidate feature points. The coefficients of APBT generate the coefficient matrix for SVD to embed the watermark. Furthermore, a Discrete Wavelet Transform (DWT), all phase discrete cosine biorthogonal transform (APDCBT), and SVD-based method has been proposed [ 23 ] to enhance the imperceptibility and robustness, where the direct current (DC) coefficients of high-frequency sub-bands (LH and HL) are used to insert a watermark image. This method has been shown to be robust against many signal processing operations.
3.3. Security
Watermarking algorithms that are not secure cannot be applied in copyright protection, data authentication, fingerprinting, and tracking of digital content. Therefore, security is a significant concern in digital image watermarking techniques. Security can be confirmed by various encryption methods, where the key decides the degree of security. Several methods, such as chaos-based, Discrete Cosine Transform (DCT), and logistic map-based encryption techniques, have been used to ensure the security and confidentiality of the embedded watermark [ 24 ]. The security of functional magnetic resonance imaging (fMRI) images is important, as they are related to brain activities. A watermarking method has been proposed for ensuring the integrity and authenticity of fMRI images [ 25 ], where a fragile reversible watermarking scheme was introduced to characterize fMRI images which are free from any format. The scheme is not dependent on using external metadata. In [ 26 ], binary pseudo-random sequences were used to encrypt the watermark before embedding, enhancing the security of the watermarking algorithm. The security requirement can be applied in telemedicine, digital imaging, telecommunications, multimedia data, etc.
3.4. Capacity
Watermarking capacity (also known as payload) evaluates how much information can be inserted into the host image, based on the size of the original data. The capacity is defined by the number of bits carried by each host image after inserting the watermark image. However, it is a difficult task to insert more watermark information, which needs a pre-requisite based on practical applications [ 1 ]. In other words, the capacity determines the limitations of the watermarking information while satisfying watermarking robustness and imperceptibility. The available information to attackers, data encoder and decoder, distortion constraints, and the statistical model used in the cover image determine the watermarking capacity [ 27 ]. Various methods exist for evaluating watermarking capacity problems under attacks. These include game-theoretic and parallel Gaussian channels (PGC) approaches.
On the other hand, watermark extraction is successful only when the channel capacity is higher than the number of bits that are embedded into the host image [ 28 ]. The watermarking capacity has been defined by the probability of detection, the probability of false alarm, and the mean square error. When more watermark data is inserted into the host image, more distortion is visible. However, distortion is not tolerable in military and medical applications. Watermarking techniques, therefore, must be implemented to minimize the distortion with less data embedding capacity. In this regard, the combination of IWT (Integer wavelets transform), the bit-plane method, and a QR (Quick Response) code has been proposed [ 29 ], where the watermark is converted into a QR code. Thus, the proposed method reduces the embedding capacity.
3.5. Computational Cost
The computational cost for embedding a watermark into a host image and extracting the watermark from the watermarked image should be minimal. This cost includes two main issues—the total time required for embedding and extracting the watermark, and the total number of embedders and detectors involved in the watermarking technique. A good trade-off between robustness and computational complexity must be maintained. It has been implemented in reference [ 30 ] to ensure the security and robustness of microscopy images.
3.6. False Positive
The false positive rate is the characteristic used to identify watermarks in an image where there is no watermark image. This problem occurs when the embedded watermark is different from the extracted watermark [ 31 ]. The test has been carried out by various schemes. This characteristic has mainly been used for copy control and ownership. If a watermark image W has length l and the extracted watermark is W’, then the false positive rate (FPR) is defined by the following equation [ 32 ]:
where l’ is the Hamming distance of W and W’.
3.7. Watermark Keys
The watermark key is the secret key that determines certain parameters of the embedding function. This key includes the subset of image coefficients, the embedding direction, and/or the embedding domain. The estimation and mapping of the watermark key are important, as it determines the degree of security of the watermarking system and depends on certain parameters, such as the embedded message and watermarked image [ 33 ]. Therefore, for the embedding and extraction process, a secret key is needed to ensure security. The secret key includes a private key, a detection key, and a public key. The private key is available only to the user, the detection key is acknowledged in a court of law, and the public key is extracted by the public [ 34 ]. A study by Chopra et al. [ 35 ] used an Exclusive OR operation for the watermark key, such that that the system inserts the watermark into a defined location in the biometric signature template. The locations for different images are different from each other. This characteristic reduces the probability of the occurrence of various attacks. Therefore, the robustness of the system is increased.
3.8. Tamper Resistance
Tamper-detection in the watermarking system can be used to check authenticity. Any change to the watermark data results in tampering of the image. Therefore, by testing integrity, the system determines whether the watermark data has been tampered or not [ 36 ].
3.9. Reversibility
The reversibility characteristic ensures the extraction of the watermark and exact reconstruction of the host image. However, for medical imaging, the modified image is used as a host image and the reconstructed image is used for diagnosis [ 37 ]. In the reversible digital watermarking method, the system takes the original image and obtains the watermarked image. Then, with the help of the extraction algorithm, the system recovers the original image and watermark image using the secret key.
3.10. Techniques that Meet Requirements Simultaneously
From the above discussions, it can be summarized that it is impossible to satisfy imperceptibility, robustness, and capacity simultaneously due to their conflicting and limited characteristics [ 1 ]. For any watermarking system, imperceptibility may be decreased by increasing the properties of robustness and capacity, and vice versa [ 38 ]. On the other hand, robustness may be decreased by increasing the payload capacity. Therefore, a good trade-off among these types of requirements must be maintained. The trade-off among these three requirements is illustrated in Figure 3 [ 39 ].
However, there is no unique set of properties that are satisfied by all watermarking systems. Currently, some techniques exist that meet some of the above-discussed requirements simultaneously. These techniques are shown in Table 1 . For example, in [ 40 ], a DCT, DWT, and SVD-based study, based on multiple watermarking techniques for securing online social network content, was proposed. A three-level DWT was applied to the host image for embedding the watermark, and a back-propagation neural network (BPNN) algorithm was applied to the extracted watermark image to minimize the distortion between the host image and the watermarked image. Thus, the robustness of the system was enhanced. For increasing security, multiple watermarks were embedded into the host image by using a selective encryption method. The experimental result showed superior performance over existing methods. In another study [ 41 ], a DCT, DWT, and SVD-based algorithm was proposed, which used multiple watermarking to ensure robustness, imperceptibility, capacity, and security simultaneously. To enhance security, the Arnold transform was applied to the host image before embedding. The quality of the watermarked image was satisfactory for diagnosis, in terms of human perception. Thus, the system ensures better imperceptibility at different gain factors. Phadikar et al. [ 42 ] proposed a reversible watermarking technique for Digital Imaging and Communications in Medicine (DICOM) images. The watermark was embedded into the host image in the lifting-based DWT domain. The experimental results showed that the technique ensures high embedding capacity along with better imperceptibility and robustness.
4. Digital Image Watermarking Applications
Digital image watermarking is a highly focused research area, due to its potential use in media applications such as copyright protection, annotation, privacy control, data authentication, device control, media forensics, and medical reports (e.g., X-rays). Some associated applications of digital image watermarking are shown in Figure 4 .
The identified applications, according to design requirements, are shown in Table 2 .
Some important and recent potential applications are described in the following subsections.
4.1. Broadcast Monitoring
This application allows a content owner to verify when and where the content was broadcast. It also checks for the exact airtime of broadcasting content through satellite television and transmission media. Before the broadcast, a unique watermark can be inserted into each sound or video clip [ 8 ]. It is useful for several organizations and individuals when advertisers want to ensure that the content is broadcasted at exact airtime agreed by the customer and the advertisement company [ 43 ]. This application can be used to ensure the legal transmission of TV products such as news items [ 44 ]. In broadcast monitoring, the broadcast monitoring service provides the watermark data to the studio. The watermark data is embedded into the host media using the watermark embedding algorithm and the secret key. Then, the watermarked data is used by the studio. Finally, the TV station transmits this watermarked data as a TV program [ 45 ]. The basic framework of broadcast monitoring is shown in Figure 5 .
4.2. Copyright Protection, Ownership Assertion, or Owner Identification
In copyright protection (or copyright holder identity) applications, a visible watermark identifies the copyright owner and ensures the proper payment of royalties. In this case, the owner can protect multimedia data by making the ownership mark visible when being used commercially, if it is available on the internet [ 46 ]. An invisible and inseparable watermark is the best solution for identifying copyright ownership. This application proves ownership by extracting the embedded information from the watermarked document, compared to easily removable text marks. It requires strong robustness, such that the watermarked image cannot be removed without data distortion [ 44 ]. In reference [ 47 ], a fragile and robust watermark image was embedded into the host image for copyright protection and tampering detection. For copyright protection, the author’s logo was inserted into the host image as a robust watermark. However, an attacker may try to remove the tough watermark. The experimental results showed that the proposed system could extract the tough watermark even when half of the image was cropped. Thus, the author’s logo can be seen. A three-dimensional (3D) mesh watermarking scheme has been proposed by Hamidi et al. [ 48 ], which protects copyright information based on mesh saliency and a wavelet transform. Wavelet analysis was performed on the original 3D mesh and the wavelet coefficients were obtained using mesh saliency. The watermark data was inserted into the original 3D mesh using a quantization index modulation (QIM) technique and secret keys, and watermark extraction was done in a reverse manner. The method demonstrated better imperceptibility and good robustness. To ensure the secure storage and transmission of satellite imagery, digital image watermarking techniques play an important role. To ensure copyright protection, one study [ 49 ] proposed an SHA-3-based novel reversible invisible watermarking scheme, which uses the hash function and an adaptive prediction algorithm.
4.3. Copy Control and Finger Printing
Copy control prevents people from making illicit copies of content. In this regard, a watermark can be used to restrict copying by informing hardware devices or software. In copy protection, a pirate knows the status of hidden messages, which is the real threat. The message contains “Copy No More,” “Copy Once,” or “Copy Never.” On the other hand, in fingerprinting or transaction tracking schemes, an innocent user cannot be framed by the collusion of pirates, and at least one pirate can be traced by the detector [ 50 ]. Similar to fingerprinting, which identifies an individual, transaction tracking uniquely identifies each copy of the work. The watermark accounts for the recipient of each legal dissemination of the work and it has been verified that invisible watermarking performs better, as compared to visible watermarking [ 51 ].
4.4. Content Authentication and Integrity Verification
Digital images can be modified with the help of widely available sophisticated image processing tools. For secure communication, information must be protected from unauthorized access—this property is known as integrity. A watermark verifies the authenticity of an image. Any significant modification of the image can also change the watermark. These changes can be detected [ 52 ], which indicates that the data has been tampered with. The basic framework of content authentication and integrity verification is shown in Figure 6 .
In reference [ 53 ], a three-level image watermarking embedding technique has been proposed for integrity verification. The visible and invisible watermarks are embedded in the first two levels, respectively, and alpha channel watermarking in the third level is used for integrity verification. This scheme has been shown to detect the tampered regions successfully. Another study [ 54 ] has proposed a method which detects and localizes the tampered region. The experimental results demonstrated that the quality of the recovered image was high.
4.5. Indexing
This technique uses comments and markers or key information, which is embedded as a watermark into videos, movies, and news items. Then, the technique retrieves the required data used by the search engine [ 36 ].
4.6. Medical Applications
Image watermarking can be applied to protect the copyright of medical images. Patient’s information can be protected from illegal access by watermarking techniques. These applications include medical imaging, telehealth, and telemedicine, among others. Medical imaging visualizes tissues, organs, or some other parts of the body, by using information and communications technologies. Telehealth involves telesurgery, telediagnosis, teleconferences, and other medical applications. Telemedicine connects specialists and patients separated by a physical distance [ 55 ]. Therefore, to ensure the confidentiality, authenticity, integrity, and availability associated with Electronic Patient Record (EPR) data exchange, suitable watermarking techniques can be used. In these applications, the image quality must not be affected by the watermark data [ 36 ].
4.7. Other Applications
Digital image watermarking can be used for proof of authenticity of the object’s originator. Additionally, digital counterfeiting, fraud, identify theft, secured electronic voting, and deployable remote education, among many others, are all possible applications of digital image watermarking.
5. Survey on Digital Image Watermarking Techniques
Digital image watermarking has gained attention from researchers due to its availability and the delivery of redundant information. These techniques protect digital content from unauthorized access and manipulation. These techniques are required for different applications, such as authentication, operator acknowledgment, material security, and trademark protection. Digital image watermarking techniques can be classified based on the working domain, kinds of documents, nature of the algorithm, human perception, and type of application, as illustrated in Figure 7 .
All digital image watermarking techniques depend on the type of working domain (i.e., spatial, frequency, or hybrid domain), type of documents (i.e., text, image, audio, or video), nature of the algorithm used (i.e., sequential or parallel), human perceptibility (i.e., visible or invisible), and type of application (i.e., source or destination-based). This section analyzes various digital image watermarking methods, based on the working domain, by summarizing some recent research results in this field. This section will be helpful for future studies on state-of-the-art watermarking methods.
5.1. Spatial Domain Watermarking Techniques
This technique inserts watermark information into the host image, as defined by the owner in the spatial or time domain, using different methods including least significant bit (LSB) modification algorithms, intermediate significant bits (ISB) or patchwork algorithms, and spread spectrum and correlation-based algorithms. These techniques work directly on the original image pixels. The watermark can be inserted by manipulating the pixel values, based on a logo or signature information provided by the author [ 17 ]. In the most commonly used designs, pixel intensities at known points in space represent the image, where the lowest-order bit of certain pixels in a color or grayscale image is flipped. Depending on the pixel intensity, the resulting watermark may be visible or invisible. We review various approaches regarding spatial domain techniques that have attracted the attention of researchers due to their optimal balance among imperceptibility, robustness, and capacity, which are the most important requirements of any watermarking technique. These techniques have low complexity, improved efficiency, and faster execution. Furthermore, the watermarked image quality may be controlled [ 56 ]. However, these techniques perform well only if the image is not exposed to any noise or human modification. Picture cropping can be used to exclude the watermark, which is a major weakness in spatial domain watermarking. These techniques embed a large volume of data, in terms of capacity, but the inserted data may be easily detected by various attacks [ 57 , 58 , 59 ]. Additionally, a small object can be inserted several times. Hence, a single surviving watermark will be considered an achievement, despite losing most of the image due to several attacks.
5.1.1. Least Significant Bit (LSB)
Least significant bit modification is the most commonly used algorithm for spatial domain watermarking. Here, the least significant bit (LSB) of randomly chosen pixels can be altered to hide the most significant bit (MSB) of another. It generates a random signal by using a specific key. The watermark is inserted into the least significant bits of the host image and can be extracted in the same way. Several techniques may process the host image. This type of algorithm is easy to implement and is simple. The least significant bits carry less relevant information and, thus, the quality of the host image is not affected. It provides high perceptual transparency with a negligible impact on the host image. However, this algorithm can be affected by undesirable noise, cropping, lossy compression, and so on, and may be attacked by a hacker by setting all the LSB bits to “1,” modifying the embedded watermark easily without any difficulty. The LSB technique can easily be understood by the example depicted in Figure 8 . Suppose two pixel values in the host image are 130 (10,000,010) and 150 (10,010,110). Then, using the LSB technique, if the embedded watermark is 10, then the watermarked pixel values will be 131 (10,000,011) and 150 (10,010,110), respectively.
Several researchers have studied modifications of the LSB technique, which are commonly related to the spatial domain. LSB techniques have been developed based on a bit-plane of digital discrete signals (e.g., audio or images). A bit-plane that represents the signal is a set of bits having the same bit position in each of the binary numbers. Most techniques use only one bit-plane for embedding. This technique works on the least significant bit (i.e., the eighth bit-planes), but others have used three bit-planes (i.e., the sixth–eighth bit-planes) or even four bit-planes (i.e., the fifth–eighth bit-planes) for embedding with acceptable image quality. The four least significant bits (i.e., the fifth–eighth bits of the cover image) can be replaced with the chosen bit of the secret image by simply using an OR operation in a specific manner [ 60 ]. This method first converts the host image into a stream of binary bits, outputs zero in the embedded bit, and then shifts the secret image to the right by 4 bits. Then, an OR operation is performed on these two (i.e., the host and secret images) to obtain the combined image. This operation is illustrated in Figure 9 .
An example can best describe the above figure. Let the pixel value of the cover image (or host image) be 130 (10,000,010) and the binary representation of the secret image be 11,110,000. After embedding out zero, the cover image value is 128 (10,000,000). After shifting right by four bits, the secret image value is 15 (00,001,111). Then, an exclusive-OR operation is done to obtain the combined image pixel, which has a decimal value of 143 (10,001,111). Therefore, this method shows the worst scenario when the host image and the secret image seem to be the same [ 61 ]. In other words, the difference between the host image and the secret image is (2k-1), where k is the number of different bit-planes. To obtain random signals, a specific key (along with an m-sequence generator) can be used by the LSB algorithm. Thus, using the Huffman method, a two-dimensional watermark signal can be inserted into the host image with the corresponding pixel value [ 2 ]. The method of Fung and Godoy [ 62 ] changes the host image pixels—only half of the bits (the least 1–4 bits), on average—with the number of bits of the embedded secret message.
The human visual system cannot recognize this, due of negligible changes in the intensity of colors. Yet, a submissive attacker can easily detect the changed bits, due to the simple operation involved. Manjula and Danti proposed a 2-3-3 LSB insertion method [ 63 ], which uses secret data that contains eight bits. These data are inserted into the LSB in a 2-3-3 order, such that two (02) bits are inserted into the R channel, three (03) bits are inserted into the G channel, and the remaining three (03) bits are inserted into the B channel. This method improves the MSE and PSNR values over the hash-based 3-3-2 technique. In a block-based method, the cover image may be processed by splitting it into blocks using certain techniques, such that the secret image can never be extracted. Then, the embedded watermark is encoded by modifying the relationships between neighboring blocks.
The conventional spatial domain watermarking technique has the highest probability of creating a salt-and-pepper noise effect. Hence, a method has been proposed by Abraham and Paul [ 64 ] for color image watermarking in the spatial domain without degrading image quality meaningfully and changing the perceptual color, as compared to conventional spatial domain watermarking. To make authentication and/or recovery possible, the watermark is embedded into all image blocks to ensure the higher quality of the image and high robustness against attacks. M1 and M2 ensure that the embedded bits are less disrupting to the human visual system, where M1 is the embedding mask and M2 is the compensation mask. The modified pixels are not noticeable, compared with neighboring pixels. Experimental results showed that their proposed algorithm recovered the watermark data even after the least significant bits were distorted and that the algorithm assured a good PSNR value. Although the LSB technique can easily be modified, understanding how the digital image will be modified, concerning integrity and safety, is a challenging task. The LSB hash algorithm authenticates the digital image using a hashing scheme which hides the hash function. One study embedded LSB hash code to protect the original file and extract the embedded hash code in order to produce an output file that appeared to be the same as the original file. In this case, the embedded watermark, which is used for extracting the data, is invisible [ 65 ]. However, LSB techniques can easily be implemented, and, thereby, the associated computational complexity may be reduced [ 8 ].
5.1.2. Intermediate Significant Bit (ISB)
LSB techniques are the most common and simple advanced watermarking techniques in the spatial domain, but they do not ensure robustness against attacks. For this reason, alternative methods, such as intermediate significant bit (ISB) methods, have been developed to improve the robustness and preserve the quality of the watermarking system. Several studies have developed ISB methods using different algorithms. One of these methods replaces the classic LSB technique with ISB by finding the best pixel value in between the middle and the edge of the range. In this method, the watermark image is protected from various attacks and alteration of watermarked image is minimized [ 66 ]. Another study [ 67 ] concentrated on the dual intermediate significant bit (DISB) model, in which two bits are embedded into each pixel of the host image and the remaining six (06) bits are changed to adjust the original pixel. The watermark image can be chosen by selecting the nearest pixel value to the original, if there exists a difference between the original and the embedded one. The proposed model produces a higher quality watermarked image, as compared to LSB methods. Therefore, the DISB method ensures high robustness against attacks and improves the quality of the watermarked images. Robustness and quality are the two most essential requirements for any watermarking system, which can be analyzed by fair normalized cross-correlation (NCC) values.
ISB techniques have been used for image watermarking in the spatial domain. This technique substitutes original image pixels with watermark pixels by keeping the watermark pixels close to a filled or empty region in the original image pixels. The watermark pixel value is tested, according to the range of each bit-plane, and then the original image file pixel is placed outside any of the edges of the range [ 68 ]. There are eight (08) bit planes in grayscale images, where the first bit-plane holds the MSB while the eighth contains the LSB, and the remaining (second–seventh) bit-planes are used as ISB [ 69 ]. If the pixel value of a grayscale image is 133 (10,000,101), then intermediate significant bits are represented by Figure 10 .
PSNR and NCC are the most frequently used quality metrics for watermarked images, where PSNR determines the intensities of strength and weakness of watermarking techniques, while the latter validates the strength of the used algorithm applied to a watermarked image after attacks. Considering this issue, the paper [ 69 ] revealed the amount of strength and weakness of digital image watermarking techniques by defining the threshold values of PSNR and NCC. The discussed watermarking technique embedded four watermarks to the ISB of six grayscale image files one-by-one by substituting the original image pixels with new pixels and keeping them close to the original pixel values simultaneously. Their proposed algorithm demonstrated better robustness against some common image processing operations, such as filtering, compression, noise, and blurring, based on the PSNR and NCC values. Robustness does not decrease against geometric transformation attacks, such as scaling and rotation, in which pixel intensities are not be affected by their changed locations. Therefore, to increase the robustness of messages against various attacks and to resist geometric transformations (e.g., scaling, cropping, and filtering), ISB techniques can be used, instead of LSB techniques, where the secret message can be embedded in a bit-plane (or bit-planes) [ 70 ].
5.1.3. Patchwork
Patchwork is a pseudo-random statistical process, which is embedded into an original image invisibly using redundant pattern encoding by a Gaussian distribution. Two patches A and B are chosen pseudo-randomly, and the image data of the first patch (A) are faded, while those in B are darkened. Patchwork methods show better robustness against maximum non-geometric image modifications and the process is independent of the content of the original image [ 71 ]. In this case, the robustness can be increased by either more affine coding, feature recognition, or both, and the code can be lost by scaling, translation, or rotation before decoding. Although patchwork is impartially resistant to cropping, it does degrade its accuracy. The pseudo-random bitstream is generated by selecting pairs of pixels from the original image. A bit of information is encoded into the pair, where d denotes the difference between the two pixels; the encoding is 0 for d < 0 and the pixels are swapped for d > 0. The next pair can be progressed if d is equal to 0 or greater than a pre-defined threshold [ 72 ]. Therefore, the brightness can be increased by one unit at one point and decreased, respectively, at another point. This method is suitable for large areas of random texture, but not for text images. A region of random texture pattern in the image is copied to an area of the image with a similar texture. Each texture region is recovered through autocorrelation [ 73 ]. In a study by Yeo et al. [ 74 ], a generalized patchwork algorithm consisting of additive and multiplicative patchworks was proposed. This method uses statistical data to embed and detect the watermark. To detect the watermark data, this method uses the location-shift scheme and the scale-shift scheme. Their proposed method was shown to be robust against compression attacks. Yet, the robustness against various attacks is very high in the patchwork method; a small amount of data can be concealed [ 75 ]. The watermark can be embedded by using redundant pattern encoding into an image, and the watermark can be extracted using a secret key concerning the decoding algorithm.
5.2. Frequency (or Transform) Domain Watermarking Algorithms
Spatial domain watermarking techniques are too fragile, as they can be easily manipulated. These techniques are much less robust against different types of attacks, compared to frequency-domain algorithms. These drawbacks have drawn focus to the research of transform-domain watermarking techniques which hide data in the transform space of a signal, rather than time, in a more effective way. This technique converts an image using a pre-defined transform in order to represent the image in the frequency domain. Then, it embeds the watermark by changing the transform domain coefficients of the original image using different transforms, including the Discrete Cosine Transform (DCT), Discrete Fourier Transform (DFT), Discrete Wavelet Transform (DWT), Singular Value Decomposition (SVD), Hadamard, CAT, FFT, PHT, and Fresnel transform, among others. Finally, it extracts the watermark, with the help of a correct key, using an inverse transformation. Figure 11 describes the above procedure.
To recover the original signal in the frequency domain, the frequency components must be recombined by applying phase shift information to each sinusoid of an image [ 1 ]. Many studies have been carried out on transform domain image watermarking, proving the better robustness, security, and imperceptibility against various attacks, such as compression, noise, filtering, cutting, and rotation. This section reviews some of those studies, which mostly used frequency-domain transforms, such as DCT, DFT, DWT, and SVD, and touches on hybrid domain methods.
5.2.1. Discrete Cosine Transform (DCT)
The discrete cosine transform (DCT) separates an image into its equivalent frequency coefficients by modifying frequency components, which can be expressed as a sum of cosine functions. The DCT is a Fourier-related transform and contains a finite sequence of data points. Only real numbers can be used here. Its variance determines the usefulness of the DCT coefficients. The DCT is important for image compression; for instance, in the JPEG image format. The one-dimensional (1D) DCT is defined by the following equation [ 76 ]:
6. Challenges of Image Watermarking Methods
At present, information is an asset. With the advent of computers, the usage of multimedia technology is increasing daily. This makes the tasks of protecting information from being accessed by unauthorized parties (confidentiality), ensuring the authenticity of information and protecting against unauthorized changes (integrity), and confirming that information is accessible by authorized users (availability) more challenging. These are the three key security requirements of a system, which are very difficult and challenging to implement. Moreover, robustness, imperceptibility, and capacity are the essential requirements in designing a robust watermarking system. However, keeping a balance among these three conflicting requirements is a difficult task. Imperceptibility can be achieved by embedding a watermark in the high-frequency components; however, this task produces weaker robustness, as robustness occurs in the low-frequency components. Still, security is a big challenge in digital image watermarking. More recently, internet of things (IoT)-based authentication schemes have provided supreme security without human interaction [ 114 ], where more encryption can be done outside the image contents. Furthermore, blockchain-based authentication schemes also provide high levels of security. Blockchain technology stores data in a decentralized manner and completely protects data against any tampering [ 115 ]. It also detects forgery and differentiates the original image from the tampered image. Therefore, these two schemes can be accommodated in the watermark domain.
6.1. Attacks on Watermarks
The extensive literature of various watermarking techniques reveals that the extraction or alteration of hidden watermark data is not such a difficult task for anyone, as information passes through the communication channel. However, an important trait is that the watermarking system should be robust enough against attacks. In a watermarking system, any processing that may cause the harmful detection of the watermark or impairment of the communication conveyed by the watermark is known as an attack. Then, the processed watermark data is identified as attacked data [ 116 , 117 ]. These attacks (which may be intentional or unintentional) cause distortions in the watermarked image, and include active attacks, passive attacks, geometric attacks, removal attacks, protocol attacks, cryptographic attacks, blind attacks, informed attacks, tampering attacks, simple attacks, attacks based on key estimation, destruction attacks, and synchronization attacks, among others [ 118 ]. This sub-section details some of the existing image watermarking attacks.
6.1.1. Active Attacks
Active attacks occur when a hacker finds and exploits the weakness of a watermark detection function by removing or destroying the watermark; that is, simply by accessing the watermark embedding function, an adversary can easily distort the watermarked image. The most common active attacks for image watermarking include elimination, collusion, masking, distortion, forgery, copy, ambiguity, and scrambling attacks. In elimination attacks, the watermark image will never be detected, but the attacker tries to produce a similar output image, where the copy attack produces a copy with no watermark. On the other hand, with a masking attack, the attacked watermarked image still contains a watermark which is imperceptible by existing detectors. In distortion attacks, some processing techniques may be evenly applied to degrade the watermark, either over the whole watermarked image or some part of it. In a forgery attack, an invalid watermark image can be falsely authenticated by the detector for performing unauthorized embedding by an adversary. However, an ambiguity attack sometimes occurs when an adversary produces an output as forgery, even after the watermarked image is validated. A scrambling attack may be caused by detecting a valid watermarked image as a fake image [ 119 ]. Defenses must be carried out to protect active attacks, which are used, for example, for fingerprinting, copyright protection, and copy control.
6.1.2. Passive Attacks
A passive attack happens when an attacker tries to find whether a given watermark is present or not without concern for the removal (destruction or deletion) of the watermark. The attacker does not try to modify the watermarking resources but, rather, to obtain the information associated to it. At this time, different levels of passive attacks can be considered for achieving various goals that are important in hidden communication.
6.1.3. Removal Attacks
Removal attacks try to remove the watermark from the host image without using the key used in the watermark embedding. These attacks are essential, and the category includes blind watermark removal, collusion attacks, remodulation, interference attacks, noise attacks, denoising, quantization, and lossy compression, among others. These attacks cannot remove the watermark completely, but attempt to damage the watermark information considerably.
The original owner attempts to make it challenging to detect the watermark due to removal attacks, as it decreases the robustness level of the watermark signal. A remodulation attack modifies the watermark image by using the modulation technique. This attack demodulates the same watermark image with the help of opposite modulation techniques. On the other hand, collusion attacks arise when hackers remove the watermark from the original data and construct a new copy without a watermark from several copies of the same original data. Each original copy contains different watermarking techniques. All types of noise, including Gaussian noise, additive noise, and salt-and-pepper noise, are used in noise attacks, which add a noise signal to the watermarked image, which causes the sender of the data to become confused. An interference attack may occur due to additional noise being added to the watermarked image [ 120 ]. These attacks attempt to harm the embedded watermark without deteriorating the document quality [ 121 ].
6.1.4. Geometric Attacks
The existing conventional watermarking algorithms are said to be efficient if they are robust against (intentional or unintentional) geometric attacks. These do not try to remove the watermark image itself but, rather, attempt to distort the watermark detector synchronization by using the inserted information. This is opposite in manner to removal attacks, and results in great difficulty in the required synchronization process in recovering the embedded watermark information by the detector. Therefore, synchronization errors between the original watermark and the extracted watermark occur during the watermark extraction process. However, the watermark still exists in the watermarked image, due to changed positions. Hence, image transformation, image degradation, image enhancement, image compression, cropping, and image adjustment are all sorts of geometric attacks, as such manipulation affects the image geometry, which must be rejected to ensure the robustness of the system. Image transformation can prevent the blind detection of a public watermark by only performing rotation, scaling, and translation (RST) operations on an image to reduce the robustness level of that image. Hence, a robust watermarking system for images must be designed which is invariant to RST operations. The algorithm proposed by Lin [ 122 ], where an RST-invariant signal is created by taking the Fourier transform of the image and then resampling and integrating along the radial dimension. Additionally, removing some parts of the host image degrades the image quality, resulting in image degradation attacks. Degradation attacks need to be designed for some restoration methods for reducing or eliminating the degradation. Another attack processes a given image by increasing the dynamic range of the chosen features to obtain more suitable results for a specific application. These attacks can be easily detected, and this property is known as image enhancement. Image compression attack reduces the amount of data of the watermark image and cuts the bandwidth required to represent a digital image. Finally, the alteration of brightness, contrast, gamma value, and saturation result in image adjustment attacks, which change the watermark image.
6.1.5. Protocol Attacks
Attacks that are directly aimed at the watermarking application are known as a protocol attacks. A protocol attack can be either an invertible attack, an ambiguity attack, or a copy attack. Non-invertible watermarks may be needed for copyright protection applications, where a watermark can never be extracted from a non-watermarked document. Invertible watermark attacks happen when the watermark is subtracted from the watermarked data by the attacker, who claims they are the owner of the watermarked data, which creates ambiguity about the original owner of the data [ 123 , 124 ]. This scheme results in ambiguity attacks, inversion attacks, deadlock attacks, fake-original attacks, or fake watermark attacks. A copy attack copies the watermark to some other data, called target data, after estimating it from the watermarked data without destroying the watermark or impairing the watermark detection [ 124 ].
6.1.6. Cryptographic Attacks
Cryptographic attacks may be either a security attack or an oracle attack, aimed at cracking the security in watermarking schemes by removing the embedded watermark information. A brute-force search embeds secret information which misleads the watermark. Another attack, which creates a non-watermarked signal with an available public watermark detector device, is known as an oracle attack [ 125 ]. Applications must restrict these types of attacks used in cryptography due to their high computational complexity.
6.2. Cost-Effectiveness of Different Attacking Scenarios
The cost-effectiveness of different attacks on digital image watermarking, which is usually based on computational complexity, indicates the cost (time and memory space) it requires to complete an attack. Watermarking is mainly involved with key and embedding algorithms, which are also important parameters for an attack. Different attacks are associated with different parameters.
All cost-effective parameters can be best described as in Table 4 . Here,

K: cost of finding the key. This includes the effective length of the key, which measures the security of the watermarking algorithm;

E: the embedding cost, which affects the robustness and imperceptibility of the watermarking algorithm. This cost estimates the watermark embedding strength;

R: the cost to remove the watermark by an attacker from the host image without using the key used in the watermark embedding algorithm;

E1: the new embedding cost generated by an attacker.
Cryptographic cost is determined by finding the key K through a brute-force attack.
6.3. Performance Metrics for Evaluating Watermarking System
Quality is an important criterion for recognizing an image-based object. The performance of watermarked image quality is measured by evaluating some performance metrics and benchmark tools, such as PSNR, MSE, Euclidean Distance (ED), SSIM, the Feature Similarity Indexing Method (FSIM), Image Fidelity (IF), Normalized Cross-Correlation (NCC), Normalized Mean Squared Error (NMSE), and Correlation Quality (CQ), among others. PSNR is expressed as the ratio of the maximum possible power of a signal to the power of corrupting noise. PSNR affects the reliability of the system, which is best described by MSE. In statistics, the MSE calculates the average squared intensity differences between the reference watermark and the extracted watermark. A higher PSNR value indicates a more efficient system, which means there exists no visual distinction between an ideal image and a corrupted image. The SSIM and FSIM, which are alternatives to PSNR and MSE, respectively, are used to compare the similarity measures (structures and features) between the original and recovered images, based on perception. The SSIM is used to predict the image quality of color (i.e., RGB) values or chromatic (i.e., YCbCr) values by evaluating how much an ideal image is distorted or degraded. The FSIM measures the similarities between the features of two images. One study [ 126 ] showed that SSIM and FSIM provide perception errors based on the human visual system, while PSNR and MSE provide absolute errors. Therefore, the performance metrics SSIM and FSIM are easy to understand for measuring performance, compared to PSNR and MSE. Furthermore, in signal processing, NCC measures the similarity between the reference watermark and the extracted watermark. NCC is defined as a function without subtracting the local mean value of intensities. These benchmark tools are commonly used to assess the performance of watermarking systems.
7. Conclusions and Future Directions
At present, information can be duplicated easily due to the interactive and digital communication of multimedia data. This issue makes digital image watermarking a significant field of research. Digital image watermarking using various techniques has been applied as an important tool for image authentication, integrity verification, tamper detection, copyright protection, and the digital security of an image. In this study, we reviewed the most dominant state-of-the-art watermarking techniques. Through this study, it can be concluded that DWT is a high-quality and robust technique for image watermarking due to its multi-resolution characteristics. Robustness, imperceptibility, and capacity are the essential requirements in designing an efficient watermarking system. However, it is almost impossible to achieve all of these requirements simultaneously. Therefore, a good trade-off between these three requirements must be maintained. However, security remains a big challenge in digital image watermarking technologies, and the accommodation of IoT and blockchain-based authentication schemes provides a challenge for researchers. Therefore, future work can be extended by combining various techniques in different domains to fulfill the above three important requirements. Moreover, to improve robustness along with security, researchers should focus on developing new, advanced techniques.
Author Contributions
M.B. studied and drafted the whole paper; M.S.U. initiated the concept, supervised the study, and fine-tuned the manuscript. All authors have read and agreed to the published version of the manuscript.
This research received no external funding.
Conflicts of Interest
The authors declare no conflict of interest.
Tao, H.; Chongmin, L.; Zain, J.M.; Abdalla, A.N. Robust Image Watermarking Theories and Techniques: A Review. J. Appl. Res. Technol. 2014, 12, 122–138. [ Google Scholar ] [ CrossRef ][ Green Version ]
Zhang, Y. Digital Watermarking Technology: A Review. In Proceedings of the ETP International Conference on Future Computer and Communication, Wuhan, China, 6–7 June 2009; pp. 250–252. [ Google Scholar ]
Cox, I.; Miller, M.; Bloom, J.; Fridrich, J.; Kalker, T. Digital Watermarking and Steganography, 2nd ed.; The Morgan Kaufmann Series in Multimedia Information and Systems: Burlington, Massachusetts, 2008. [ Google Scholar ]
Mohanarathinam, A.; Kamalraj, S.; Venkatesan, G.P.; Ravi, R.V.; Manikandababu, C.S. Digital Watermarking Techniques for Image Security: A Review. J. Ambient Intell. Humaniz. Comput. 2019, 1–9. [ Google Scholar ] [ CrossRef ]
Cox, I.J.; Miller, M.L. “Review of watermarking and the importance of perceptual modeling”. Proc. SPIE 1997, 3016. [ Google Scholar ] [ CrossRef ]
Yang, Q.; Zhang, Y.; Yang, C.; Li, W. Information Entropy Used in Digital Watermarking. In Proceedings of the 2012 Symposium on Photonics and Optoelectronics, Shanghai, China, 21–23 May 2012; pp. 1–4. [ Google Scholar ]
Yu, C.; Li, X.; Chen, X.; Li, J. An Adaptive and Secure Holographic Image Watermarking Scheme. Entropy 2019, 21, 460. [ Google Scholar ] [ CrossRef ][ Green

Images Powered by Shutterstock