A Fragile Image Watermarking Scheme in DWT Domain Using Chaotic Sequences and Error-Correcting Codes

With the rapid development of digital signal processing tools, image contents can be easily manipulated or maliciously tampered with. Fragile watermarking has been largely used for content authentication purposes. This article presents a new proposal for image fragile watermarking algorithms for tamper detection and image recovery. The watermarked bits are obtained from the parity bits of an error-correcting code whose message is formed from a binary chaotic sequence (generated from a secret key known to all legitimate users) and from bits of the original image. Part of the codeword (the chaotic bits) is perfectly known to these users during the extraction phase, adding security and robustness to the watermarking method. The watermarked bits are inserted at specific sub-bands of the discrete wavelet transform of the original image and are used as authentication bits for the tamper detection process. The imperceptibility, detection, and recovery of this algorithm are tested for various common attacks over digital images. The proposed algorithm is analyzed for both grayscale and colored images. Comparison results reveal that the proposed technique performs better than some existing methods.


Introduction
Digital watermarking is a technique of hiding information in multimedia data in such a way that the distortion due to watermarking is almost perceptually negligible [1]. Watermarking can serve a variety of purposes including copyright protection and data authentication. Image watermarking is the process of embedding binary information (called watermarked bits) into an original image, generating a watermarked image. In a self-embedding watermarking scheme, the watermarked bits are generated from the original image. The extraction process is called blind when it does not require knowledge of either the original image or the watermarked bits.
In general, image watermarking techniques can be categorized as robust, semi-fragile and fragile [2][3][4]. Robust watermarks are designed to survive image processing operations, such as scaling, cropping, filtering, and compression [5][6][7][8][9], and are usually used for copyright protection to declare ownership. Fragile watermarking is designed for detecting any modification of the watermarked image (tamper detection) and for recovering the tampered areas (image recovery) [2]. Semi-fragile schemes are designed for tamper detection and image recovery and are robust against some image processing operations. Their main disadvantage is a reduced recovering rate when compared to that achieved by fragile schemes. Fragile and semi-fragile watermarking schemes are mainly used for authentication purposes.
This work focuses on image fragile watermarking. The primary purpose is to invisibly embed a binary image (called watermark image) into an original image, creating a watermarked image, and then extract the embedded information from the watermarked image at the destination. The watermark is fragile in the sense that it is designed to be easily altered if any changes are made to the watermarked image, hence providing a means of detecting tampering or unauthorized alterations. Fragile watermarking can therefore be applied to copyright protection, tamper detection, and authentication.
In many applications, tamper detection and localization alone are insufficient. The fragile watermarking with self-recovery capability cannot only identify the tampered regions, but also recover the altered image's original content. At the destination, the authentication watermark is first extracted and applied to identify the authenticity of the received image. If the watermarked image is identified as tampered, the restoration technique is applied to the tampered parts.
In many image fragile watermarking schemes, the original image is divided into non-overlapping sub-blocks and the watermark embedded in each sub-block is composed of authentication bits and recovery bits [10][11][12][13][14][15][16][17]. The authentication bits are used for the purpose of tampering detection (the block is authenticated if the authentication bits are successfully retrieved). The tampered blocks are recovered by means of the recovered bits. The generation of the watermarked bits involves, in some cases, frequency-domain transforms, such as the discrete cosine transform (DCT) [15,18], and the discrete wavelet transform (DWT) [14,[19][20][21].
The performance of an image watermarking scheme is analyzed with mutually exclusive parameters, including imperceptibility, capacity, and robustness against attacks. Trying to improve one of these parameters for a particular scheme usually deteriorates the others [1]. Several embedding schemes are based on the least significant bit (LSB) method [11][12][13]16,19,22], since it provides a good trade-off among these performance metrics.
Chaotic maps are commonly used to add security to image watermarking schemes [13,14,[22][23][24][25]. These maps are characterized by their sensitivity to the initial conditions and pseudo-random behavior, despite being deterministic, resulting in noise-like signals [14,26,27]. Applications of these maps include scrambling the original image [13,14,22] and selecting sub-blocks to embed the watermark [14,22]. To support severe distortion imposed on the watermarked image, error-correction codes can also be applied [18,28,29].
In this work, we propose a new self-embedding fragile watermarking algorithm for image tamper localization and recovery using chaotic maps, DWT domain, and errorcorrecting codes. The bits embedded in the image are obtained from parity bits of an errorcorrecting code whose information sequence is formed by combining the watermarked bits with chaotic bits generated from a secret key. The distinguishing feature of the proposed extraction algorithm is that the error-correcting capability of the error-correction code is exclusively dedicated to recovering the watermarked bits, since part of the codeword (the chaotic bits) is known by the extraction algorithm, which provides high robustness to the proposed scheme. The DWT sub-bands are divided into non-overlapping 2 × 2 sub-blocks and two parity bits are embedded in each sub-block. These bits are used as authentication bits for the tamper detection process. A parameter controls the tradeoff between imperceptibility and robustness. After locating the tampered area, in the process of recovering the damaged area, the parity bits and chaotic sequences are used to estimate the recovery bits. We investigate the trade-off between the imperceptibility of the watermarking embedding and the tampering detection/recovering capability of the proposed algorithm and comparison results reveal that it performs better than many existing fragile watermarking schemes.
The rest of this article is organized into five sections. Section 2 presents a brief review of the chaotic maps, the class of error-correcting codes considered in this work, and DWT. The proposed algorithm for grayscale images is detailed in Section 3. It is also discussed the watermark extraction, tamper detection, and the image recovery strategy. Some metrics commonly used for assessing the imperceptibility, detection, and recovery capability of a fragile watermarking algorithm are discussed in Section 4. Results with performance comparisons are presented in Section 5 for grayscale images, and in Section 6 for colored images. Conclusion remarks are outlined in Section 7.

Related Works
In this section, we briefly review several fragile watermarking schemes proposed in the literature.
Haghighi et al. [22] proposed a fragile blind watermarking scheme, based on lifting wavelet transform (LWT) and genetic algorithms. In this scheme, four digests are generated based on LWT and halftoning techniques. Each digest is separately scrambled using a chaotic map. The authentication bits for each 2 × 2 non-overlapping sub-block are calculated based on a relation of pixels. The watermarked bits are formed from a combination of digests and authentication bits and are embedded using the LSB technique. A genetic algorithm is employed to optimize the difference between the original and the watermarked values of each sub-block.
Barani et al. [23] proposed a digital image tamper detection algorithm based on the integer wavelet transform (IWT) and singular value decomposition (SVD). A SVD is performed in each 2 × 2 sub-block of the scrambled original image. The combination of the U matrix of the SVD of each sub-block and a sequence generated by a 3D quantum chaotic map forms an authentication sequence that is inserted into the IWT coefficients. A scheme that combines SVD and chaotic maps is proposed in the Ref. [25].
In the image fragile watermark scheme proposed in the Ref. [14], the original image is divided into 4 × 4 non-overlapping sub-blocks and the authentication and the recovery bits are both generated by using the DWT. The authentication bits are generated from the low-frequency sub-band of each sub-block, and the recovery bits are produced from high-frequency sub-bands. The chaotic Arnold's cat map scrambles image sub-blocks in order to break their interdependence.
In the Ref. [30], Qin et al. proposed a self-embedding fragile watermarking scheme using vector quantization (VQ) and index sharing. The watermarked bits are composed of hash bits for tampering localization and reference bits for content recovery. The proposed scheme can locate tampered regions via VQ index reconstruction. Qin et al. [11] developed a self-embedding fragile watermarking based on reference data interleaving mechanism. This scheme utilizes the most significant bit (MSB) layers to generate the interleaved reference bits that are embedded into the LSBs. The scheme proposed in the Ref. [16] embeds the watermarked bits generated by a permutation process within the two LSB of each sub-block. A bit-adjustment phase is subsequently applied to increase the quality of the watermarked image. In the Ref. [31], the original image is divided into non-overlapping sub-blocks of 2 × 2 pixels, called small blocks, and each 4 × 4 small block is grouped as a large block. The watermarked bits containing authentication information and recovery information are embedded into the LSB.
In the Ref. [15], authentication data is generated for each 8 × 8 sub-block using the DCT. A block dependency is established using part of the authentication data of a distant block. Such sub-block dependency provides tamper detection and enables localization of tampered regions. A recovery technique based on unsupervised machine learning is proposed. The scheme presented in the Ref. [32] is also based on the DCT. Two authentication bits and ten recovery bits are generated from the five MSB of each sub-block. The authentication bits of each sub-block are embedded into the three LSB.
The algorithm proposed in the Ref. [12] consists of an overlapping block-wise mechanism for tampering detection and a pixel-wise mechanism for image recovery. Reference bits are derived from the mean value of each sub-block and are dispersedly hidden into 1 or 2 LSB according to two different embedding modes. Authentication bits are hidden into adaptive LSB layers of the central pixel for each block. After detecting tampered blocks and reconstructing mean-value bits, the original pixels are recovered using a pixel-wise approach with the help of different neighboring overlapping blocks. According to [17], two different types of detection processes, pixel-wise and block-wise processes, are suggested in order to locate and restore the tampered locations. The authentication data are created per pixel in the pixel-wise procedure while they are formed per block in the block-wise process. As a result, the block-wise method tunes the length of authentication data to the size of each block. Peng et al. proposed in the Ref. [10] an algorithm based on reversible data hiding. The authentication and recovery bits are embedded into two identical original images. Secret information is embedded into one image while distortion information is embedded into the other one. In the Ref. [13], Sreenivas et al. proposed an image tamper localization scheme in which authentication bits of a 2 × 2 image sub-block are generated using chaotic maps. For each sub-block, two distinct sets of recovery bits are generated and embedded in the LSBs of two randomly chosen blocks. In the Ref. [33], a secret key based on pseudo-random binary sequences is used as a fragile watermark for tamper detection. The watermarked bits are embedded using a LSB process in a 9-base notation structure.
Li et al. [34] proposed an image tampering detection and a self-recovery method based on the Gauss-Jordan Elimination. A technique called Improved Check Bits Generation (ICBG) generates the check bits for tamper detection. The Morphological Processing-Based Enhancement (MPBE) is developed to improve the accuracy of tampering detection.
The scheme proposed in the Ref. [19] used two watermarks that combines spatial and transform domains to enhance the watermarking robustness, authentication and recovery performance. A robust watermarking is embedded into different DWT sub-bands, while a fragile one is embedded using the LSB approach. An image authentication system that combines DWT and convolutional neural networks (CNN) is proposed in the Ref. [20]. The watermark information is embedded into the DWT coefficients, and the CNN is employed to recover tampered areas. The combination of DCT and CNN is proposed in the Ref. [35].
Multiple median watermarking is a technique for image tamper region recognition and self-recovery proposed in the Ref. [36]. Four smaller versions of the cover image are hidden into the 4-LSB, which are determined by four pseudo-random codes. These copies can be used to identify the area of the altered image that has been tampered with.

BCH Code
A well-known and powerful tool to enhance the robustness of a watermarking scheme is the use of error-correcting codes which permits to correct errors induced by a given attack [28,37,38]. This work employs the binary Bose, Chaudhuri, and Hocquenghem (BCH) code [39] over the Galois field GF(q) with codewords of length n = q m − 1 (where m is an integer), k information bits, n − k parity bits, and error correction capability t bits. It is denoted by BCH (n, k, t). This code is completely specified by its generator polynomial g(x) = 1 + g 1 x + · · · + g n−k−1 x n−k−1 + x n−k , where g i ∈ GF(q). The degree of g(x) is equal to the number of parity bits of the code. Let ξ be a primitive element of GF(2 4 ), and let m i (x) be the minimal polynomial of ξ i in GF(2 4 ), the i-th power of ξ. The generator polynomial g(x) is obtained from the least common multiple of the minimum polynomials g(x) = LCM(m 1 (x), m 2 (x), . . . , m d m −1 (x)), where d m is the code minimum distance and satisfies d m ≥ 2t + 1.
A polynomial representation c(x) of a codeword c = (c 0 , · · · , c n−1 ) is of the form c(x) = c 0 + c 1 x + · · · + c n−1 x n−1 . The encoder operation can be expressed in the polynomial form c(x) = g(x) u(x), where u(x) is the information message to be encoded and the operations with polynomials follow the operations rules defined over the field. There are several techniques to decoding BCH codewords, it is worth mentioning the Berlekamp-Massey (BM) algorithm, an algebraic decoding algorithm for the BCH code. For the one-bit error correction code considered here, the generator polynomial is g(x) = x 4 + x + 1, for q = 2, m = 4, with n = 15, and k = 11 information bits, which has 4 parity bits and t = 1, represented as BCH (15,11,1). We also use a BCH code with t = 2, BCH(31,21,2), with 10 parity bits and generator polynomial g(x) = x 10 + x 9 + x 8 + x 6 + x 5 + x 3 + 1. The use of both codes permits analyzing the impact of the code parameters on the watermarking algorithm. In the proposed algorithm, the k information bits are split into 2 parts, one containing bits from the watermark image and the other a chaotic sequence generated from a secret key shared by legitimate users. The encoder operation finds the parity bits that are embedded into the original image, generating the watermarked image. The watermark extraction algorithm estimates the parity bits from a possibly modified watermarked image. A legitimate user generates the chaotic sequence and concatenates it with the retrieved parity bits. A decoding procedure estimates the watermarked bits forming the retrieved codeword (the concatenation of the estimated watermarking bits, chaotic sequence, and the estimated parity bits). It is worth highlighting that if the retrieved codeword contains errors (which occur if the errors introduced by an attack are beyond the error correction capability), these are spread out over all portions of the codeword and do not necessarily concentrate in the portion of the information sequence where the watermarked bits are located. However, the positions of the chaotic bits are known in advance, since this information is shared by all legitimate users. This allows for concentration of the code's correctness capability on the portion of the codeword that contains the relevant information, the parity and watermarked bits.

Chaotic Maps
The behavior of unidimensional chaotic maps is observed through a discrete time series {x i } ∞ i=0 , and can be obtained by iterating a nonlinear and non-invertible function f (x), over an initial condition x 0 , as follows [40] x n = f (x n−1 ), n = 1, 2, 3, . . . (1) . The value of x 0 is obtained from the secret key and we choose to discard the first 100 samples of an orbit due to the transient behavior (the orbits of a good chaotic map diverge after few iteration and this discard operation is not mandatory). Examples of chaotic maps include the cubic map (MC) f (x) = 4x 3 − 3x, and the logistic map (ML) f (x) = rx(1 − x), where r is a control parameter. Chaotic maps are deeply sensitive to the initial condition, meaning that arbitrarily close initial points separate exponentially fast. Figure 1 shows two orbits of the logistic map with r = 4 generated by two initial conditions separated by 10 −6 . These assume a distinct dynamical behavior after a few iterations. 23 submitted to Entropy 5 of 23 of both codes permits analyzing the impact of the code parameters on the watermarking 196 algorithm.

197
In the proposed algorithm, the k information bits are split into 2 parts, one contain-198 ing bits from the watermark image and the other a chaotic sequence generated from a 199 secret key shared by legitimate users. The encoder operation finds the parity bits that are 200 embedded into the original image, generating the watermarked image. The watermark 201 extraction algorithm estimates the parity bits from a possibly modified watermarked im-202 age. A legitimate user generate the chaotic sequence and concatenate it with the retrieved 203 The balanced binary sequence {z n }, henceforth denoted by the chaotic binary sequence, is generated from {x n } from a partition of the map domain into two regions R 0 and R 1 satisfying Pr(x n ∈ R 0 ) = Pr(x n ∈ R 1 ) = 1/2, and such that, if x n ∈ R 0 then z n = 0, or if x n ∈ R 1 then z n = 1. There are several methods to discretize chaotic Entropy 2023, 25, 508 6 of 23 samples (see, for example, [41][42][43]) that may generate binary sequences with better random properties, but this topic is not explored in this work.

Discrete Wavelet Transform
The basis functions of the DWT are generated from a basic wavelet function, through translations and dilations. These functions allow reconstructing the original signal through the inverse discrete wavelet transform (IDWT). There are many types of wavelet functions, including Haar [44,45], Daubechies [46], Symlets [47], Coifflets [48,49]. Due to its low computing requirements, the Haar transformation has been used primarily for image processing and pattern recognition and is adopted in this work.
Mallat [50] proposed an algorithm based on a decomposition following a pyramid model, in which the image size decreases in each decomposition level. Figure 2 shows the first decomposition level applied to an image C O of size M × N, obtaining four output images C LL 1 , C LH 1 , C HL 1 , C HH 1 of size M/2 × N/2. At the end of each filtering operation, the output signal is down-sampled by two (↓ 2). The image C LL 1 is obtained from the convolution of two low-pass filters applied first to the rows and then to the columns of C O . The first level of detail C LH 1 is obtained by applying a low-pass filter to the rows of C O and then a high-pass filter to its columns. Similarly, C HL 1 and C HH 1 are obtained. Applying this procedure again having as input the image approximation C LL 1 , we obtain the second decomposition level of the image C O , resulting in the approximations C LL 2 and the level of details C LH 2 , C HL 2 , C HH 2 , each one with size a quarter of the size of image C O . Other decomposition levels are obtained using the same procedure. mitted to Entropy 6 of 23  and R 1 satisfying Pr(x n ∈ R 0 ) = Pr(x n ∈ R 1 ) = 1/2, and such that, if x n ∈ R 0 then 229 z n = 0, or if x n ∈ R 1 then z n = 1. 1 The basis functions of the DWT are generated from a basic wavelet function, through 232 translations and dilations. These functions allow reconstructing the original signal through 233 the inverse discrete wavelet transform (IDWT). There are many types of wavelet func-234 tions, including Haar [44,45], Daubechies [46], Symlets [47], Coifflets [48,49]. Due to its 235 low computing requirements, the Haar transformation has been used primarily for image 236 processing and pattern recognition and is adopted in this work.

237
Mallat [50] proposed an algorithm based on a decomposition following a pyramid 238 model, in which the image size decreases in each decomposition level. Fig. 2 shows the 239

The Proposed Algorithm
A new fragile watermarking algorithm for images as well as a strategy for tamper detection and recovering of the tampered areas are proposed in this section. Initially, we consider grayscale images. colored images are considered in Section 6.
The embedding algorithm E · has as input an 8-bit grayscale original image C O of size M × N pixels and a key K which determines the initial condition x 0 of the chaotic sequence.
The watermarked image C W is described as The input to the blind extraction algorithm E − (·) is the watermarked image possibly corrupted by attacks, namely C W , and a key K.

Watermark Embedding
Watermarked bits are embedded into the original image according to the following steps.

1.
Generate a chaotic binary sequence SC 1 using the cubic chaotic map with the key K.

2.
Apply the 2-level DWT decomposition to the original image C O obtaining the subbands C LL 2 , C LH 2 , C HL 2 , C HH 2 . The sub-bands C LH 2 and C HL 2 (each one of size M/4 × N/4 pixels) are divided into sub-blocks of size 2 × 2, where the watermarked bits are embedded. There are MN 64 sub-blocks in each sub-band. Each sub-block is composed of the coefficients: Apply is obtained. This sequence is considered as an image and is scrambled with the Arnold cat map. After scrambled, this sequence is divided into sub-sequences of length 2 bits, In each 2 × 2 sub-block of C LH 2 and C HL 2 find the largest value (v max1 ) and the second

6.
Apply the two-level IDWT and obtain the watermarked image C W .
Since the number of sub-sequences p i is MN 16k 1 and the total number of sub-blocks is MN 32 , we have k 1 = 2, and consequently k 2 = 9. Figure 3 shows the block diagram of the proposed embedded algorithm, called Proposed 1.  - The estimated parity sequence is unscrambled with K 1 and is divided into 4-bit sub-309

Watermark Extraction, Tamper Detection, and Image Recovery
The embedding of watermarked bits in C O allows detecting modifications (tamper detection) and to recover the original image (image recovery).

Watermark Extraction
The extraction of parity sequencep from C W (possibly modified watermarked image) and from K is based on the following steps.

•
Generate the chaotic binary sequence SC 1 from the key K.

•
Calculate the two-level DWT of C W obtaining the sub-bands C LH 2 and C HL 2 . Each sub-band is divided into sub-blocks of size 2 × 2. • Find the highest value v max of each sub-block and its position. Decide the watermark informationp i as: If v max is in the position (2, 1), thenp i = 10.

-
If v max is in the position (2, 2), thenp i = 11. • The estimated parity sequence is unscrambled with K 1 and is divided into 4-bit subsequences,p j =p j1 · · ·p j4 , for j = 1, . . . , MN 64 . • For eachp j , the extraction algorithm knows k 2 = 9 chaotic bits of an 11-bit information sequence. There are four possible parity sequences, depending on the remaining k 1 = 2 information bits. An estimate of these bits is obtained from the smallest Hamming distance betweenp j and these possible parity sequences. Then, concatenate the estimated k 1 bits, the k 2 the chaotic bits, and the four parity bits with the smallest Hamming distance to form a 15-bit word. This word is decoded using the BM algorithm, giving a new estimate of the k 1 bits of the sequence 4 andp j . • This procedure is repeated for each j = 1, . . . , MN 64 , obtaining two estimated sequenceŝ p andˆ 4 . Figure 4 shows the block diagram of the proposed watermark extraction algorithm.  -

310
• For eachp j , the extraction algorithm knows k 2 = 9 chaotic bits of an 11-bit informa-311 tion sequence. There are 4 possible parity sequences, depending on the remaining 312 k 1 = 2 information bits. An estimate of these bits is obtained from the smallest Ham-313 ming distance betweenp j and these possible parity sequences. Then, concatenate 314 the estimated k 1 bits, the k 2 the chaotic bits, and the four parity bits with the small-315 est Hamming distance to form a 15-bit word. This word is decoded using the BM 316 algorithm, giving a new estimate of the k 1 bits of the sequence ℓ 4 andp j .

Tamper Detection
The image C W is used to replicate Steps 2-4 of the embedding algorithm, obtaining a new binary sequencep of length MN 8 . In order to detect the tampered regions, a bitwise XOR operation is performed between the extracted watermark binary sequencep and the binary sequencep. The binary sequence resulting from this operation is organized in a binary image of size M/4 × N/4 bits, which is called binary detection image. Figure 5 shows the block diagram of the proposed tamper detection algorithm.

321
The image C ′ W is used to replicate Steps 2-4 of the embedding algorithm, obtaining a 322 new binary sequencep of length MN 8 . In order to detect the tampered regions, a bitwise 323 XOR operation is performed between the extracted watermark binary sequencep and the 324 binary sequencep. The binary sequence resulting from this operation is organized in a 325 binary image of size M/4 × N/4 bits, which is called binary detection image. Fig. 5 shows 326 the block diagram of the proposed tamper detection algorithm.

328
After detecting if there is any modification in the watermarked image C ′ W , the next 329 step is to recover the part of the image identified as tampered. In the recovering process, 330 the first step is to calculate the details sub-bands C HH 4 , C HL 4 and C LH 4 of the tampered 331 image C ′ W . The binary sequencel 4 is converted to the imageĈ LL 4 of size M/16 × N/16 332 pixels. An intermediate image C I is obtained from the 4-level IDWT of the image formed 333 fromĈ LL 4 , C HH 4 , C HL 4 , and C LH 4 . The recovered image is constructed by replacing the 334 pixels located at the detected tampered area of C ′ W by the corresponding pixels of C I . Fig. 6 335 shows the block diagram of the proposed image recovery algorithm.

337
This section describes commonly used metrics for assessing the imperceptibility and 338 robustness of image watermarking schemes.

Image Recovery
After detecting if there is any modification in the watermarked image C W , the next step is to recover the part of the image identified as tampered. In the recovering process, the first step is to calculate the details and sub-bands C HH 4 , C HL 4 and C LH 4 of the tampered image C W . The binary sequenceˆ 4 is converted to the imageĈ LL 4 of size M/16 × N/16 pixels. An intermediate image C I is obtained from the 4-level IDWT of the image formed from C LL 4 , C HH 4 , C HL 4 , and C LH 4 . The recovered image is constructed by replacing the pixels located at the detected tampered area of C W by the corresponding pixels of C I . Figure 6 shows the block diagram of the proposed image recovery algorithm.

321
The image C ′ W is used to replicate Steps 2-4 of the embedding algorithm, obtaining a 322 new binary sequencep of length MN 8 . In order to detect the tampered regions, a bitwise 323 XOR operation is performed between the extracted watermark binary sequencep and the 324 binary sequencep. The binary sequence resulting from this operation is organized in a 325 binary image of size M/4 × N/4 bits, which is called binary detection image. Fig. 5 shows 326 the block diagram of the proposed tamper detection algorithm.

337
This section describes commonly used metrics for assessing the imperceptibility and 338 robustness of image watermarking schemes.

Imperceptibility, Detection, and Recovery Metrics
This section describes commonly used metrics for assessing the imperceptibility and robustness of image watermarking schemes.

Imperceptibility Metrics
The peak signal-to-noise ratio (PSNR) is a measure of watermark imperceptibility, expressed in units of decibels (dB). For 8-bit grayscale images with pixel values from 0 to 255, the PSNR is defined as PSNR = 10 log 10 255 2 MSE (dB) (3) where the mean square error (MSE) for images of size M × N is The recovered PSNR, PSNR r , is calculated using (3) in which the MSE is obtained between the watermarked image and recovered image. The structural similarity index (SSIM) is another imperceptibility metric and is defined as where µ O and µ W are the mean of the original and watermarked images, respectively, σ 2 O and σ 2 W are the variances of these images, ρ OW is the covariance between C O and C W , γ and β are fixed constants, γ = 2.55 and β = 7.65.

Tampered Detection Metric
The performance of tamper detection is commonly measured in terms of the false positive rate (FPR) and false negative rate (FNR), defined as where FP, FN, TP, TN are the false positive, false negative, true positive, and true negative, respectively. FP is the number of pixels that are non-tampered but are wrongly identified as tampered; FN is the number of pixels that are tampered but are incorrectly detected as non-tampered; TP is the number of pixels that are correctly identified as a tampered pixel, and TN is the number of pixels that are correctly identified as an untampered pixel. The lower FPR and FNR indicate a better performance of the tamper detection algorithm.

Watermark Image Attacks
Several attacks are performed on the watermarked image to check the behavior of the proposed algorithm, as described next.

•
In the tamper attack, the pixels of a part of C W are changed to zero [15]. • The first kind of collage attack (CA 1 ) tampers the C W image by copying blocks of C W and inserting them into arbitrary positions in the same watermarked image [14,15]. • The second kind of collage attack (CA 2 ) modifies C W by combining portions of another watermarked image and preserving their relative spatial locations [14,15,17]. • In the normal tampering attack, some objects are added, deleted or modified on the watermarked image [22]. • The salt and pepper attack consists in adding this noise with density d to the C W image [17]. • The constant-average attack (CAA) [14,15] is able to tamper a set of blocks with a constant average intensity and create a counterfeit image. The average value for each block in the tampered area is calculated, and then the 6 MSBs of each pixel, within the block, are replaced by the 6 MSBs of the calculated average value [15].
The performance analysis conducted in this chapter uses 141 original images from the USC-SIPI database (http://sipi.usc.edu/database, accessed on 10 March 2021). This database contains grayscale and colored images of distinct sizes. We resize and convert some images so that a new database contains 8-bit grayscale images of size 512 × 512 pixels. Figure 7 shows some examples of images used in this work.

Results for Grayscale Images
The PSNR and SIMM are measures of image degradation caused by the watermark embedding, and the parameter α used in the embedded algorithm modifies the degradation of the original image. Table 1 shows the minimum and maximum values of PSNR and SIMM for several values of α for the 141 original images in the database. It is observed that increasing α (for α > 0) slightly decreases the imperceptibility of the watermarked image. Table 2 shows similar results for FPR and FNR for several values of α for the 141 tampered images in the database with tampering rate 50% (the tampered Lena image with this tampering rate is illustrated in Figure 8e). We observe that these performance indicators slightly improve for α > 0. Thus, this parameter provides a trade-off among these performance metrics. Hereafter, we fix the value of α to 0.01 in all simulations performed in this section.  Table 3 shows PSNR comparisons between the algorithm Proposed 1 and several existing watermarking fragile methods. It can be seen that the proposed algorithm has better imperceptibility with PSNR higher than 47 dB for the images considered.  Figure 8 shows the tampered Lena images at various tampering rates, the corresponding binary detection images (the detected tampered region is marked in white color, whereas the non-tampered region is in black) and the recovered images. The quality of the recovered image is measured through the PSNR r of the detected tampered region. Table 4 shows a comparison of PSNR r versus tampering rates for several images, where it is seen that the algorithm Proposed 1 provides better recovery performance.
The time (in seconds) required to embed the parity bits into each 512 × 512 image shown in Figure 7 is in the range [12.15, 14.68] (minimum and maximum values), while the range for the extraction of the parity bits is [11.23, 13.46]. The algorithms are implemented with the Matlab R2017b program on the Windows 10 Pro operating system running on a personal computer with 3.70 GHz Intel Xeon E5-1620 CPU and 64 GB RAM.  The results for the CA 1 attack for the Airplane, Pepper, Lake and Countryside images are provided in Figure 9. In each row of this figure, the original image, the watermarked image with the PSNR value, the tampered image, the binary detection image with the FPR and FNR values, and the recovered image with the PSNR r value are shown. The PSNR values for these four watermarked images are around 47 dB. The FPR and FNR are, respectively, 0.073 and 0.009 for Airplane, 0.117 and 0.008 for Pepper, 0.100 and 0.002 for Lake, 0.052 and 0.007 for Countryside, and which reveal good tampering detection performance. The Proposed 1 scheme can also achieve good image recovery results with PSNR r around 41 dB for the Airplane, Pepper and Countryside images and around 47 dB for the Lake image. The CA 2 attack is considered in Figure 10 for the Baboon, Tree, Tank and Roof images. A portion of a watermarked image is copied in another watermarked image, preserving their relative spatial locations. In each row of this figure, two watermarked images with their PSNR values are shown, as well as the tampered image, the binary detection image with the values of FPR and FNR, and the recovered image with the PSNR r value. The PSNR of the watermarked images are higher than 40 dB for these images. The FPR and FNR are respectively 0.099 and 0.007 for Baboon, 0.087 and 0.002 for Tree, 0.090 and 0.005 for Tank, 0.106 and 0.008 for Roof. The recovery results yield PSNR r higher than 38 dB. The normal tampering attack is considered in Figure 11 in which some objects are added to the watermarked images (Lena, Elaine, Airport, and Aerial View).
The results for the CAA attack are presented in Figure 12 in which a distortion is created in a certain portion of the watermarked image. The obtained PSNR values are higher than 47 dB for the four images. The FPR and FNR are respectively 0.030, 0.007 for Boat, 0.025, 0.003 for Sailor, 0.026, 0.004 for Baboon, and 0.012, 0.001 for Zelda. The Salt and Pepper attack for the Lena image with d = 0.3 is considered in Figure 13. The FPR and FNR are 0.143 and 0.084, respectively. Some attacks displayed in Figures 9, 10, 12 and 13 have also been considered in the literature. Table 5 compares the PSNR r achieved by the algorithm Proposed 1 and by some existing methods. It is seen that the Proposed 1 technique provides, in some cases, better recovered performance for the considered attacks. Table 5. PSNR r achieved by the proposed algorithm and by some existing methods.

Figure
Image PSNR r

Figure 9j
Pepper 40.98 [36] 33.59 Figure 9o Lake 47.52 [20] 33.82 Figure 10e Baboon 39.86 [20] 30.33 Figure 11o Airport 47.42 [34] 46.03 Figure 12e Boat 45.53 [14] 35.41 Figure 13e Lena 33.78 [17] 40.68    A BCH Code (31,21,2) To analyze the impact of the BCH code in the proposed watermarking scheme, we consider the BCH (31,21,2). This code has a greater number of parity bits than the BCH (15,11,1) code, so it is necessary to take into account a greater number of sub-blocks where the parity bits are embedded. The modified algorithm uses the same steps as the previous one, modifying the code used and the level of the DWT, according to the following steps.

1.
Repeat this step of the previous algorithm.

2.
Apply the one-level DWT decomposition to the original image C O . The sub-bands C LH 1 and C HL 1 (each one of size M/2 × N/2 pixels) are divided into sub-blocks of size 2 × 2, where the watermarked bits are embedded. The total number of sub-blocks is MN 16 .

3.
Repeat this step of the previous algorithm.

4.
Construct the sequence p from the BCH (31,21,2) code as follows. The 21 information bits are obtained by concatenating k 1 = 2 bits from 4 and k 2 = 19 from the chaotic map. After scrambling, we obtain p = {p 1 , p 2 , . . . , p MN 64 }, where p i = p i1 , p i2 . Each p i is embedded into some sub-blocks of C LH 1 and C HL 1 .

5.
Repeat this step of the previous algorithm. Since there are four times more sub-blocks than subsequences p i , after inserting a given p i , the next three sub-blocks are not used by the embedded algorithm. 6.
Apply the 1-level IDWT and obtain the watermarked image C W . Table 6 shows the PSNR comparison between the algorithm presented in the previous sections (Proposed 1) and the modified one (called Proposed 1-v1). A decrease in the PSNR value is observed due to the insertion at a higher level of the DWT decomposition (1-level). Table 7 presents a PSNR r comparison for several tampering rates, observing a slight increase in the value of PSNR r . Table 8 compares the PSNR r for the attacks displayed in Figures 9-13. We observe that the modified algorithm presents a better recovery performance for these attacks. This is due to the code modification.

Performance of the Proposed Algorithm for Colored Images
The performance of the proposed algorithms in colored images is analyzed in terms of imperceptibility, detection and recovery. We also present comparisons with literature results. The original colored image C O is represented by three components R, G, and B, each one of size 512 × 512. A fragile watermarking algorithm in a grayscale image is applied in each component. We adopt the same performance metrics used for grayscale images. Table 9 presents an imperceptibility comparison between the proposed algorithms and some existing ones for several images. All proposed algorithms present better imperceptibility results, and the highest PSNR values are achieved by Proposed 1. Table 10 shows a comparison of PSNR r versus several tampered rates. Some attacks presented in the previous chapter are presented in Figure 14 with recovered results for the algorithm Proposed 1. Behavior similar to that obtained with grayscale images is observed, obtaining FNR and FPR values close to zero (desired values) and PSNR r values higher than 34 dB.

Conclusions
This article presented a new self-embedding fragile watermarking algorithm for tamper detection and content recovery in images. The watermarked bits are the parity bits of a BCH code, in which its information sequence is composed of chaotic bits and bits obtained from the original image. The watermarked bits are embedded in the original image in the frequency domain using the DWT. The parameter α establishes a trade-off between imperceptibility and recovery. After investigating the trade-off between the imperceptibility, detection of tampered areas, and recovery capability of the algorithm, we compare its performance with that of some existing schemes. We conclude that the algorithm is competitive in terms of several metrics, such as PSNR, SIMM, FPR, FNR, and PSNR r . The joint application of chaotic bits and BCH codes not only contributes to the recovery of the image information in the tampered areas, but also provides security, and the existence of a greater number of parity bits leads to higher recoverability. A natural continuation of this work is the incorporation of codes with unequal error protection, since part of the information bits is known at the extraction algorithm. Another topic for future research is to consider chaotic maps with high nonlinearities and constant chaos for a wide parameter range [51].