A Computational Model of Watermark Algorithmic Robustness Capable of Resisting Image Cropping for Remote Sensing Images

Various watermarking algorithms have been studied to better enable the copyright protection of remote sensing images. The robustness of such algorithms against image cropping attacks has subsequently been verified mainly by various experiments. However, to date, the experimental results are subject to the differences in experimental factors and computational resource costs. Hence, the study presented in this paper proposes a robustness computation model of watermarking remote sensing images in terms of the image cropping attack. The robustness computation model consists of three parts: analysis principles, an evaluation index, and a computation method. The robustness analysis principles are provided based on the salient features of watermarking remote sensing images and attacking properties. A probability-based evaluation index is then defined to more comprehensively measure the robustness of different algorithms. The computation method developed in this study is based on permutations and the inclusion-exclusion principle to theoretically calculate robustness. The experiments conducted to verify the effectiveness of the computation model, revealed true closeness between both the calculated and experimental results. Finally, the relationships between the robustness and the different parameters used in the watermarking algorithms are investigated by using the proposed computation model.


Introduction
Currently, remote sensing images are widely used in scientific research and various industries, including agriculture, vegetation monitoring, ecology and so on [1][2][3]. However, security issues inhibit the convenience of remote sensing image sharing and transmission [4], especially in the big data era [5]. Robust watermarking technology has become a promising solution, which could be a viable form of protection regarding issues such as user tracking, forgery prevention and many other illegal uses [6][7][8][9][10][11]. The major property of these watermarking algorithms, named robustness, represents the resistance towards different types of attack [12][13][14]. As the image cropping operation is the common processing method towards remote sensing images, the watermark algorithmic robustness against image cropping attack is evaluated in almost every watermarking algorithm study [10,11,15,16]. In fact, this type of robustness determines whether the copyright can be successfully identified after cropping a certain amount of remote sensing image. method. The analysis principles are concluded from well-designed watermarking algorithms and a robustness index is defined based on probability. According to the proposed principles and index, a computation method is presented, based on the approaches of combinatorial mathematics and probability theory. In addition, the influences of different factors, related to the watermarking algorithm on robustness are further explored with the object of promoting the design of watermarking algorithms.
The rest of this paper is organized as follows: Section 2 introduces the methodology of robustness computation model. In Sections 3 and 4, the experimental results and discussions are given respectively. Finally, conclusions are given in Section 5.

Methodology
The research diagram of robustness computation model is illustrated in Figure 1. computation method is presented, based on the approaches of combinatorial mathematics and probability theory. In addition, the influences of different factors, related to the watermarking algorithm on robustness are further explored with the object of promoting the design of watermarking algorithms. The rest of this paper is organized as follows: Section 2 introduces the methodology of robustness computation model. In Sections 3 and 4, the experimental results and discussions are given respectively. Finally, conclusions are given in Section 5.

Methodology
The research diagram of robustness computation model is illustrated in Figure 1.  The basic watermarking procedure is given previously. Then the computation model, consisting of analysis principles, robustness index and robustness computation method, will be proposed and clarified. Finally, experiments and deductions are conducted to verify the proposed model and promote the design of watermarking algorithms for remote sensing images.

Basic Watermarking Procedure
The basic watermarking procedure and fundamental knowledge are presented here. A classical watermarking procedure is shown in Figure 2.   The basic watermarking procedure is given previously. Then the computation model, consisting of analysis principles, robustness index and robustness computation method, will be proposed and clarified. Finally, experiments and deductions are conducted to verify the proposed model and promote the design of watermarking algorithms for remote sensing images.

Basic Watermarking Procedure
The basic watermarking procedure and fundamental knowledge are presented here. A classical watermarking procedure is shown in Figure 2. computation method is presented, based on the approaches of combinatorial mathematics and probability theory. In addition, the influences of different factors, related to the watermarking algorithm on robustness are further explored with the object of promoting the design of watermarking algorithms. The rest of this paper is organized as follows: Section 2 introduces the methodology of robustness computation model. In Sections 3 and 4, the experimental results and discussions are given respectively. Finally, conclusions are given in Section 5.

Methodology
The research diagram of robustness computation model is illustrated in Figure 1. The basic watermarking procedure is given previously. Then the computation model, consisting of analysis principles, robustness index and robustness computation method, will be proposed and clarified. Finally, experiments and deductions are conducted to verify the proposed model and promote the design of watermarking algorithms for remote sensing images.

Basic Watermarking Procedure
The basic watermarking procedure and fundamental knowledge are presented here. A classical watermarking procedure is shown in Figure 2.
In the watermarking procedure, the original watermark information is converted into binary watermark sequence, then embedded into the watermark domain, which is transformed or generated from the host data. After watermarked data has been delivered or distributed, the copyright information is extracted by the inverse method and compared to the original one. Thus, the copyright can be identified clearly as long as the watermarking algorithm is sufficiently robust.
It has to be pointed that the copyright information includes text, voice, image and so on, and it is converted into binary sequence before the process of embedding. In addition, the comparison of copyright information is equal to the comparison of binary sequence as long as the conversion is reversible. Thus binary watermark sequence is regarded as the form of what watermarking algorithm embed and extracted in this paper. Watermark synchronization and robustness evaluation index, which are closely related to the issue of robustness computation for image cropping attacks, are discussed as follows.

Watermark Synchronization
The watermark synchronization is the vital factor related to robustness when a watermarking algorithm suffers the geometric type of attack such as image cropping, image rotation and so on. In fact, sometimes the watermarked values can remain correct but the error of synchronization will lead to the failure of watermark extraction. Specifically, consider the watermark sequence WM being represented as: where L is the length of WM. Under geometric attack, embedding wm[i] and directly extracting it could lead to the loss of i. So i is an important information part in both processes of watermark embedding and extraction. Therefore, the connections between i and wm[i] represent the watermark synchronization. Commonly, a stable watermark synchronization definitely ensures the watermarking algorithm robustness against image cropping attack. So far this mechanism has been implemented in different ways, such as geometric reference points [6], auxiliary location information [10,34], mapping method [35], etc.

Robustness Evaluation Index
Evaluating a watermarking algorithm is commonly performed from several perspectives, e.g., peak signal-to-noise ratio (PSNR) is used to measure the degradation of image fidelity [13,36], false negative probability (missed detection) or false positive probability (false alarms) are used to evaluate the authority and authentication of watermarking algorithms [15,37]. Regarding robustness, it is common to use NC [10,17,23] or BER [17,24] to compare the similarity between the extracted watermark sequence with the embedded one in a quantitative method. For further evaluation, taking BER as an example, assume wm is the original watermark sequence and wm is the extracted, BER is calculated as: where NOR is the operation of exclusive OR. BER = 0 means there is no error in the extracted watermark.
Commonly the threshold of BER is set previously and empirically in robustness experiments.

The Principles of Robustness Computation
Based on the basic watermarking procedure, the principles are deduced through the analysis of watermarking algorithm and the attack behavior. Hence, these principles are divided into principles of watermarking algorithm and principles of image cropping attack. It can be seen that the principles are universal and do not have many constraints as they are proposed based on few essentially natural assumptions.

Principles of Watermarking Algorithm
• Principle 1: The watermark is repeatedly embedded into data.
The volume of the remote sensing image is commonly much larger than the length of binary watermark sequence, thus the watermark is usually embedded more than once into data for robustness enhancement. It is well known that this principle has been applied in current watermarking algorithms [8,[38][39][40][41]. In fact, the repeat embedding strategy can be regarded as the spread spectrum [15], in that the former is a point of view in the spatial domain and the latter a strategy in the transformation domain. Considering that image cropping is conducted mainly in the spatial domain, thus the similar principle can be adequately used to express the strategy in the same domain for convenience.
Specifically, repetition is represented by N, which means the watermark has been embedded N times in the host image or that watermark information has been spread N times in the transformation domain. To simplify the analysis principle and robustness computation model, N is constrained as positive integers. Figure 3 illustrates the concept of Principle 1. The volume of the remote sensing image is commonly much larger than the length of binary watermark sequence, thus the watermark is usually embedded more than once into data for robustness enhancement. It is well known that this principle has been applied in current watermarking algorithms [8,[38][39][40][41]. In fact, the repeat embedding strategy can be regarded as the spread spectrum [15], in that the former is a point of view in the spatial domain and the latter a strategy in the transformation domain. Considering that image cropping is conducted mainly in the spatial domain, thus the similar principle can be adequately used to express the strategy in the same domain for convenience.
Specifically, repetition is represented by N, which means the watermark has been embedded N times in the host image or that watermark information has been spread N times in the transformation domain. To simplify the analysis principle and robustness computation model, N is constrained as positive integers. Figure 3 illustrates the concept of Principle 1.


Principle 2: The watermark is distributed uniformly.
Because of the large size of the remote sensing image together with Principle 1, the watermark is equally distributed throughout the image. If the watermark energy is concentrated in a small part of the spatial domain or the narrow band in the transformation domain, the image fidelity, both in this area, together with the watermark robustness in other parts, will greatly degrade. Hence, Principle 2, which have been also adopted widely [8,10,15,41,42], represents the tradeoff between watermark imperceptibility and robustness.
Quantitatively, if a watermark of L bits length is repeatedly embedded into the remote sensing image, for N times; in such a situation, Principle 2 suggests the watermark extraction will extract α L N   bits of the watermark sequence from α percentage amount of the remote sensing image. This is made apparent in Figure 4. It should be pointed out, however, that it is not consistent for the extracted watermark bits in Figure 4 to be exactly situated, in the lower right-hand corner of the watermark information, as can be seen in Figure 3. As noted in Principle 2 the watermark information is not necessarily embedded sequentially. In Figure 4, the extracted watermark bits are regarded as randomly chosen from the whole watermark bits. • Principle 2: The watermark is distributed uniformly.
Because of the large size of the remote sensing image together with Principle 1, the watermark is equally distributed throughout the image. If the watermark energy is concentrated in a small part of the spatial domain or the narrow band in the transformation domain, the image fidelity, both in this area, together with the watermark robustness in other parts, will greatly degrade. Hence, Principle 2, which have been also adopted widely [8,10,15,41,42], represents the tradeoff between watermark imperceptibility and robustness.
Quantitatively, if a watermark of L bits length is repeatedly embedded into the remote sensing image, for N times; in such a situation, Principle 2 suggests the watermark extraction will extract a × L × N bits of the watermark sequence from a percentage amount of the remote sensing image. This is made apparent in Figure 4. It should be pointed out, however, that it is not consistent for the extracted watermark bits in Figure 4 to be exactly situated, in the lower right-hand corner of the watermark information, as can be seen in Figure 3. As noted in Principle 2 the watermark information is not necessarily embedded sequentially. In Figure 4, the extracted watermark bits are regarded as randomly chosen from the whole watermark bits.

Principles of Image Cropping Attack
Image cropping can be seen as a type of geometric attack. Part of the watermarked image is deleted randomly and watermark extraction is conducted in the remaining part. The attacking strength is defined as the percentage of the cropped data. Some examples of different attacking strength are shown in Figure 5.

Principles of Image Cropping Attack
Image cropping can be seen as a type of geometric attack. Part of the watermarked image is deleted randomly and watermark extraction is conducted in the remaining part. The attacking strength is defined as the percentage of the cropped data. Some examples of different attacking strength are shown in Figure 5.

Principles of Image Cropping Attack
Image cropping can be seen as a type of geometric attack. Part of the watermarked image is deleted randomly and watermark extraction is conducted in the remaining part. The attacking strength is defined as the percentage of the cropped data. Some examples of different attacking strength are shown in Figure 5.  Combine the attack behavior of image cropping with Principle 1 and Principle 2, the analysis principles of attack are deduced as follows:


Principle 3: The watermark and its synchronization in the remaining part remain correct.
The watermark information contained in the cropped part, obviously, cannot be further retrieved. According to Principle 2, the uniformity guarantees the effectiveness of Principle 3 for both watermarking algorithms based on the spatial domain and those based on the transformation domain. After image cropping, the watermark synchronization mechanism becomes the key to guarantee the robustness. It appears obvious that a well-designed watermarking algorithm will reduce the attack influence on the remaining parts to a minimal level. Because watermark synchronization has different types of implementations [6,10,34,35], Principle 3 represents the ideal situation that all the watermark containing in the remaining part could be successfully extracted.


Principle 4: The cropped part of image is chosen randomly.
As shown in Figure 5, the cropped part of the image can be anywhere, even under the same attack strength. Because the cropped part is not fixed to a specific area for each attack, hence it is reasonable to assume that the cropped part is randomly chosen. In addition, according to the uniformity distribution in Principle 2, cropping image randomly equals a random deletion of the watermark information. An example is shown in Figure 6 to illustrate the influence of image cropping attack on watermark. Combine the attack behavior of image cropping with Principle 1 and Principle 2, the analysis principles of attack are deduced as follows: • Principle 3: The watermark and its synchronization in the remaining part remain correct.
The watermark information contained in the cropped part, obviously, cannot be further retrieved. According to Principle 2, the uniformity guarantees the effectiveness of Principle 3 for both watermarking algorithms based on the spatial domain and those based on the transformation domain. After image cropping, the watermark synchronization mechanism becomes the key to guarantee the robustness. It appears obvious that a well-designed watermarking algorithm will reduce the attack influence on the remaining parts to a minimal level. Because watermark synchronization has different types of implementations [6,10,34,35], Principle 3 represents the ideal situation that all the watermark containing in the remaining part could be successfully extracted.
• Principle 4: The cropped part of image is chosen randomly.
As shown in Figure 5, the cropped part of the image can be anywhere, even under the same attack strength. Because the cropped part is not fixed to a specific area for each attack, hence it is reasonable to assume that the cropped part is randomly chosen. In addition, according to the uniformity distribution in Principle 2, cropping image randomly equals a random deletion of the watermark information. An example is shown in Figure 6 to illustrate the influence of image cropping attack on watermark.  In Figure 6, the red blocks represent the deleted watermark bits, and the green blocks represent the correct. The deleted parts, the watermark information in cropped part of image, are distributed randomly in theory. According to Principle 3, the remaining parts of the watermark, which is denoted by green blocks, can then be correctly extracted.

Probability-Based Robustness Index
The second part of the computation model is the probability-based robustness index. As the common evaluation index, BER indicates the watermarking algorithmic robustness in a single experiment, the calculation method refers to Equation (2). It cannot be used, however, to directly compare the NC of different watermarking algorithms, due to the different experimental parameters and conditions. To more conveniently and comprehensively measure robustness, a quantitative index R is proposed from the perspective of probability. Here R is defined as the probability of successfully and correctly extracting the watermark information after attack according to the given threshold value BER*. As BER* is usually a constant value in the system of robustness evaluation, it is often omitted and index R is then expressed as: In Equation (3), AT represents the attack type, and in this paper denotes image cropping. S is the attacking strength indicating that cropping S percentage of data. L is the watermark information length and N represents the repeat times of the embedded watermark.
From the definition of index R, the superiorities of the proposed index, compared to traditionally used ones are explained as follows. First, robustness is evaluated by probability, thus the more times experiments are repeated under the same parameters of attack, the greater the likelihood that the evaluated value R will approximate to the theoretical value. Then, R has no relationship to the sample data. Hence this index has universal usage and contributes to the comparison of the robustness of different algorithms conveniently. In addition, providing the attacking strength is well defined, the proposed index is not limited to the image cropping discussed in this paper. Hence, this quantitative index is applicable to all kinds of attack. Accordingly, the universal index R can be used to evaluate robustness more scientifically and comprehensively. In Figure 6, the red blocks represent the deleted watermark bits, and the green blocks represent the correct. The deleted parts, the watermark information in cropped part of image, are distributed randomly in theory. According to Principle 3, the remaining parts of the watermark, which is denoted by green blocks, can then be correctly extracted.

Probability-Based Robustness Index
The second part of the computation model is the probability-based robustness index. As the common evaluation index, BER indicates the watermarking algorithmic robustness in a single experiment, the calculation method refers to Equation (2). It cannot be used, however, to directly compare the NC of different watermarking algorithms, due to the different experimental parameters and conditions. To more conveniently and comprehensively measure robustness, a quantitative index R is proposed from the perspective of probability. Here R is defined as the probability of successfully and correctly extracting the watermark information after attack according to the given threshold value BER*. As BER* is usually a constant value in the system of robustness evaluation, it is often omitted and index R is then expressed as: R(AT, S, L, N).
In Equation (3), AT represents the attack type, and in this paper denotes image cropping. S is the attacking strength indicating that cropping S percentage of data. L is the watermark information length and N represents the repeat times of the embedded watermark.
From the definition of index R, the superiorities of the proposed index, compared to traditionally used ones are explained as follows. First, robustness is evaluated by probability, thus the more times experiments are repeated under the same parameters of attack, the greater the likelihood that the evaluated value R will approximate to the theoretical value. Then, R has no relationship to the sample data. Hence this index has universal usage and contributes to the comparison of the robustness of different algorithms conveniently. In addition, providing the attacking strength is well defined, the proposed index is not limited to the image cropping discussed in this paper. Hence, this quantitative index is applicable to all kinds of attack. Accordingly, the universal index R can be used to evaluate robustness more scientifically and comprehensively.

Robustness Computation Method
Based on the principles and the evaluation index proposed above, the method to compute the watermarking algorithmic robustness is studied here. The main theory for solving this problem is the enumeration of the watermark distribution after image cropping attack, based on combinatorial mathematics. By dividing all the enumerations (denoted as E total ) by the number of successful situations, from which watermarks have been correctly extracted (denoted as E suc ), the extraction probability R is calculated directly as: The question is then becomes how to calculate E total and E suc . Obviously, the calculation of E total is easy to conduct according to the permutations, which will be given in the following section. However, the difficulty of this problem is to calculate E suc . From the deduction above, E suc can be acquired by enumerating the situations under image cropping attack with the watermark can still be extracted. But as far as we are concerned, counting the situations directly is easy to confuse some situations and complicated to give the computation formula correctly. In order to solve the problem, the auxiliary function has been adopted to calculate E suc .

Introduction of the Auxiliary Function
Before the introduction and definition of the auxiliary function, the parameters in the computation are explained as follows. The evaluation index is expressed as R(Cropping, S, L, N). Here S represents the cropped data percentage and the threshold value of BER is set to r. According to Principle 1, the total embedded watermark bits are L × N. From Principle 3 and Principle 4, the process of cropping images is randomly deleting certain number bits of watermark information. Based on principle 2, the operation of cropping S percentage of remote sensing image is equal to deleting S percentage of embedded watermark bits. To simplify the computation, the number of cropped watermark bits, denoted as D, is calculated as the expected value, which is D = L × N × S. According to the BER calculation method and watermark synchronization, the watermark bit wm[i] will be properly extracted if any embedded watermark bits corresponding to i remain correct.
The auxiliary function P(L, N, D) is then introduced as the count of all enumerations of any watermark bit is not ruined totally when deleting D watermark bits from watermark information length L embedded over N times. Figure 7 illustrates an example belonging to the auxiliary function P, and Figure 8 shows an example not belonging to it as two watermark bits are totally cracked.

Robustness Computation Method
Based on the principles and the evaluation index proposed above, the method to compute the watermarking algorithmic robustness is studied here. The main theory for solving this problem is the enumeration of the watermark distribution after image cropping attack, based on combinatorial mathematics. By dividing all the enumerations (denoted as Etotal) by the number of successful situations, from which watermarks have been correctly extracted (denoted as Esuc), the extraction probability R is calculated directly as: The question is then becomes how to calculate Etotal and Esuc. Obviously, the calculation of Etotal is easy to conduct according to the permutations, which will be given in the following section. However, the difficulty of this problem is to calculate Esuc. From the deduction above, Esuc can be acquired by enumerating the situations under image cropping attack with the watermark can still be extracted. But as far as we are concerned, counting the situations directly is easy to confuse some situations and complicated to give the computation formula correctly. In order to solve the problem, the auxiliary function has been adopted to calculate Esuc.

Introduction of the Auxiliary Function
Before the introduction and definition of the auxiliary function, the parameters in the computation are explained as follows. The evaluation index is expressed as R(Cropping, S, L, N). Here S represents the cropped data percentage and the threshold value of BER is set to r. According to Principle 1, the total embedded watermark bits are L N  . From Principle 3 and Principle 4, the process of cropping images is randomly deleting certain number bits of watermark information. Based on principle 2, the operation of cropping S percentage of remote sensing image is equal to deleting S percentage of embedded watermark bits. To simplify the computation, the number of cropped watermark bits, denoted as D, is calculated as the expected value, which is D L N S    . According to the BER calculation method and watermark synchronization, the watermark bit wm[i] will be properly extracted if any embedded watermark bits corresponding to i remain correct.
The auxiliary function P(L, N, D) is then introduced as the count of all enumerations of any watermark bit is not ruined totally when deleting D watermark bits from watermark information length L embedded over N times. Figure 7 illustrates an example belonging to the auxiliary function P, and Figure 8 shows an example not belonging to it as two watermark bits are totally cracked.  In Figure 7, all the blocks represent extracted watermark bits, where the green one means that the remaining watermark bit has not changed after the attack. The red one represents the cropped bits. In this case, 30 bits have been cropped but watermark information can still be extracted correctly providing any column in the matrix has not been cropped totally. However, the situation in Figure 8 does not belong to function P as two watermark bits are both deleted, the watermark information extracted from this situation will lose the two bits permanently.

Computation of the Auxiliary Function
From the definition of auxiliary function P, it is obvious that function P cannot be calculated directly according to the accumulated counts when ruined watermark bits have increased from 1 to L. This is because the circumstances have intersections. To count the permutations P(L, N, D) without repetition and omission, the inclusion-exclusion principle of combinatorial mathematics is adopted. The inclusion-exclusion principle is expressed as follows. If there are sets 1 2 , ,..., n A A A , the count of whole elements is calculated as: ... , where the symbol represents the counts or cardinalities of the sets. By using the principle in auxiliary function P, the sets containing i-th watermark bit which has been ruined are denoted as (1 ) i P i L   , then the function P is: , In Figure 7, all the blocks represent extracted watermark bits, where the green one means that the remaining watermark bit has not changed after the attack. The red one represents the cropped bits. In this case, 30 bits have been cropped but watermark information can still be extracted correctly providing any column in the matrix has not been cropped totally. However, the situation in Figure 8 does not belong to function P as two watermark bits are both deleted, the watermark information extracted from this situation will lose the two bits permanently.

Computation of the Auxiliary Function
From the definition of auxiliary function P, it is obvious that function P cannot be calculated directly according to the accumulated counts when ruined watermark bits have increased from 1 to L. This is because the circumstances have intersections. To count the permutations P(L, N, D) without repetition and omission, the inclusion-exclusion principle of combinatorial mathematics is adopted. The inclusion-exclusion principle is expressed as follows. If there are sets A 1 , A 2 , . . . , A n , the count of whole elements is calculated as: where the symbol | | represents the counts or cardinalities of the sets. By using the principle in auxiliary function P, the sets containing i-th watermark bit which has been ruined are denoted as P i (1 ≤ i ≤ L), then the function P is: C D L×N represents the count of all the possible permutations when deleting D watermark bits from L × N watermark bits. So n ∪ i=1 P i is calculated according to Equation (5). Specifically, the function P (L, N, D) is calculated as: with M = D N , the operation rounds the value down to an integer.

Computation of Robustness Index
After the function P has been introduced, the robustness index R(Cropping, S, L, N) can be calculated in the theory. According to Equation (4), the formula of E total is given as: E suc can then be calculated as the enumerations where ruined watermark bits are smaller than the threshold value r with the help of auxiliary function P. The number of minimum correct watermark bits (denoted as X) is calculated by: The operation rounds the number up to an integer. By changing the count of correct watermark bits from X to L, the robustness index R(Cropping, S, L, N) is calculated based on Equation (7): Hence, the robustness index can be acquired based on the proposed formulae in numerical calculations.

Verification of Proposed Model
Three types of watermarking algorithms have been chosen because their embedding methods are nearly consistent with or easily adapted to satisfy the proposed watermarking principles. The first watermarking algorithm denoted as Algorithm A is based on scale-invariant feature transform,

Verification of Proposed Model
Three types of watermarking algorithms have been chosen because their embedding methods are nearly consistent with or easily adapted to satisfy the proposed watermarking principles. The first watermarking algorithm denoted as Algorithm A is based on scale-invariant feature transform, where embedding methods can be referred to [11]. Algorithm B is based on discrete cosine transformation, referred to [8] and Algorithm C is based on statistic index, referred to [10]. In addition, repeat embedding strategy and watermark synchronizations have been adopted in the watermarking algorithms in accordance with the proposed principles. The verification is conducted with three sets of experimental parameters and pseudo-random binary sequence are used as the watermark information. The parameters of the experiments are listed in Table 1. In the experiments, the attacking strength means that the robustness index will be calculated on each interval of S (S ∈ [0, 1]). In addition, the threshold of BER is set to 0.2 empirically, means that when BER < 0.2 the extracted watermark is regarded as the same as the original. For each interval of S, watermarking algorithms are executed 1000 times on each image with the cropping area randomly chosen. Finally, the robustness results from watermarking algorithms are compared with the theoretical ones, which are calculated by the proposed model.

Experimental Results
Parts of the robustness results are given in Tables 2-4.            From Figures 11-13, it is not difficult to deduce that the robustness results calculated by the proposed model agree with the experimental ones. The curve shapes of the proposed model almost overlie those of the watermarking algorithms in these figures. While the sections of R starting to leave the value 1 and approach the value 0 are also nearly the same.

Statistics Results
To give the quantitative comparison results, the linear regressions of the experiments with the coefficient of determination ( 2 R ) are shown in Figures 14-16.  From Figures 11-13, it is not difficult to deduce that the robustness results calculated by the proposed model agree with the experimental ones. The curve shapes of the proposed model almost overlie those of the watermarking algorithms in these figures. While the sections of R starting to leave the value 1 and approach the value 0 are also nearly the same.

Statistics Results
To give the quantitative comparison results, the linear regressions of the experiments with the coefficient of determination (R 2 ) are shown in Figures 14-16. From Figures 11-13, it is not difficult to deduce that the robustness results calculated by the proposed model agree with the experimental ones. The curve shapes of the proposed model almost overlie those of the watermarking algorithms in these figures. While the sections of R starting to leave the value 1 and approach the value 0 are also nearly the same.

Statistics Results
To give the quantitative comparison results, the linear regressions of the experiments with the coefficient of determination ( 2 R ) are shown in Figures 14-16.      Table 5. The statistics indices include the maximum value, the mean value and the standard deviation (Std) of errors. Table 5. Error statistics of robustness results between proposed model and algorithms.   Table 5. The statistics indices include the maximum value, the mean value and the standard deviation (Std) of errors. Table 5. Error statistics of robustness results between proposed model and algorithms. It can be seen from Figures 14-16 that the linear relationships of robustness results calculated by proposed model and algorithms are evident and obvious, as the regression equations approaching y = x very closely. Besides, R 2 of the linear regressions is nearly equal to 1. Hence the linear relationship demonstrates the effectiveness to predict robustness results by using the proposed model. The statistical error results are also listed in Table 5. The statistics indices include the maximum value, the mean value and the standard deviation (Std) of errors.  Table 5, it is reasonable to conclude that errors between the proposed model and watermarking algorithms are small enough to be ignored. The maximum errors do not exceed 0.05, and the mean values of errors are no more than 0.0002, with standard deviations less than 0.005, indicating that the errors have kept a low and stable level.

Experiments
From the perspective of probability, the robustness result from a single procedure of watermark embedding and extraction can be regarded as a result of the Bernoulli Process. With the number of experiments increasing, the empirical robustness results will get closer to the theoretical ones, which are the expected probability of watermark has been successfully extracted. Thus, the experiments conducted above belong to the Monte Carlo method for estimating the theoretical robustness values. By using the Chernoff bound [43], if Pr represents the probability, m represents the number of experiments, R means the theoretical value, R' represents the empirical result, ε represents mean error ratio and δ represents the probability of false positive, the approximation for R satisfies: when: Hence, the condition on m provides an (ε, δ)-approximation for R. Noted that m varies by different robustness result R. Taking S = 0.6700 and R = 0.5360 in Experiment 1 as an example, according to Table 2, if the approximation need to satisfy ε = (0.5530 − 0.5360)/0.5360 = 0.0317 and δ is set to 0.05 empirically, then the bound of m should be: by Equation (12). Apparently, the actual number of experiments in Experiment 1, which is 1000, is much smaller than the probabilistic bound of Equation (13). This situation demonstrates that the robustness results of the proposed method are close to empirical ones even of fewer experiments. According to the statistic results and the probabilistic bound analyzed above, it is easy to deduce that the proposed robustness computation model is able to reveal the watermarking algorithmic robustness against image cropping effectively and accurately.

Efficiency Results
The efficiency of the proposed model and watermarking algorithms are listed in Table 6. The high-efficiency of the proposed model is deduced from two perspectives, which are the time and the processed data volume. The time cost by the proposed model is much less than those of watermarking algorithms, although the watermarking algorithms have efficient performance in watermark embedding and extraction. Furthermore, unlike the algorithms used in experiments, the proposed model is running based on a few lines of code without any sample data. Hence the volume of data processed by the proposed model is tiny compared with watermarking algorithms. These advantages in time and data volume, offered by the proposed model, will definitely promote the robustness evaluation and computation in watermarking algorithms, especially for huge data volume of remote sensing images in the big data era.

Deductions from Proposed Model
In watermarking algorithm research, the parameters of watermark information length L and repeat times N are important parameters. For those algorithms which conform to the proposed watermarking principles, regarding finding how to set or optimize these parameters to enhance the robustness needs to be solved. Based on the proposed model, the relationships among robustness index R, watermark information length L and repeat times N are deduced theoretically. Hence, the parameters of L and N can be adjusted in relation to the design or development of a watermarking algorithm, the aim of which is to enhance the robustness. This optimization is also, conducted without experiments. Detailed relationships are deduced as follows.

The Relationship between Robustness R and Repeat Times N
Intuitively, it may be felt that the more times watermark is embedded, the more likely the watermarking algorithmic robustness get enhanced. The computation experiment based on the proposed model has been conducted to verify this intuition. In the experiment, the binary watermark information length L is set to 100, 200, 300 and N is set to 2, 4, 6, 8, 10, 20, and 40 respectively. Then robustness index is calculated by the proposed model. Results of the relationship are shown in Figure 17.

Deductions from Proposed Model
In watermarking algorithm research, the parameters of watermark information length L and repeat times N are important parameters. For those algorithms which conform to the proposed watermarking principles, regarding finding how to set or optimize these parameters to enhance the robustness needs to be solved. Based on the proposed model, the relationships among robustness index R, watermark information length L and repeat times N are deduced theoretically. Hence, the parameters of L and N can be adjusted in relation to the design or development of a watermarking algorithm, the aim of which is to enhance the robustness. This optimization is also, conducted without experiments. Detailed relationships are deduced as follows.

The Relationship between Robustness R and Repeat Times N
Intuitively, it may be felt that the more times watermark is embedded, the more likely the watermarking algorithmic robustness get enhanced. The computation experiment based on the proposed model has been conducted to verify this intuition. In the experiment, the binary watermark information length L is set to 100, 200, 300 and N is set to 2, 4, 6, 8, 10, 20, and 40 respectively. Then robustness index is calculated by the proposed model. Results of the relationship are shown in Figure  17.

Deductions from Proposed Model
In watermarking algorithm research, the parameters of watermark information length L and repeat times N are important parameters. For those algorithms which conform to the proposed watermarking principles, regarding finding how to set or optimize these parameters to enhance the robustness needs to be solved. Based on the proposed model, the relationships among robustness index R, watermark information length L and repeat times N are deduced theoretically. Hence, the parameters of L and N can be adjusted in relation to the design or development of a watermarking algorithm, the aim of which is to enhance the robustness. This optimization is also, conducted without experiments. Detailed relationships are deduced as follows.

The Relationship between Robustness R and Repeat Times N
Intuitively, it may be felt that the more times watermark is embedded, the more likely the watermarking algorithmic robustness get enhanced. The computation experiment based on the proposed model has been conducted to verify this intuition. In the experiment, the binary watermark information length L is set to 100, 200, 300 and N is set to 2, 4, 6, 8, 10, 20, and 40 respectively. Then robustness index is calculated by the proposed model. Results of the relationship are shown in Figure  17. As shown in Figure 17, two new results have been achieved as follows: with an increase in the watermark repeat times N and fixed L: (1) the image cropping robustness is enhanced; and (2) the rate of robustness improvement becomes slower. As shown by the curves of each N value, in those particular sections where R begins to drop, a larger N appears on the right side of those curves with a smaller N. For example: for each figure the curve in which N = 20 begins to drop near S = 0.9, while the curve in which N = 4 is near the line S = 0.6. Thus this phenomenon indicates that the robustness improvement is in accordance with the repeat of N. Additionally, the changed rate of the curves reveals a further interesting result. It can be deduced that when N becomes sufficiently large, the curves will then be reliably and sufficiently close to R = 1 and S = 1.
Based on the above results, new knowledge has been gained. Increasing watermark repeat times will definitely enhance the watermark robustness against image cropping attacks, however, embedding too much watermark information will cause significant distortions in remote sensing images. Hence, it is easily concluded that the robustness against image cropping can be enhanced by increasing the watermark repeat times to an appropriate value, or in other words, achieve the balance between robustness and imperceptibly.

The Relationship between Robustness R and Watermark Information Length L
In this experiment, the relationship between robustness R and watermark information length L is explored. For watermarking algorithms, the watermark may vary between a binary sequence with a length of less than 200 or a binary image with its length of more than 1024. Hence it is of importance to determine whether there is a strong connection between robustness and watermark information length. Based on the proposed computation model, N is set as 2, 4, 8 and L is set to 100, 200, 400, 800, and 1200 respectively. Figure 18 shows the robustness comparisons with different L. As shown in Figure 17, two new results have been achieved as follows: with an increase in the watermark repeat times N and fixed L: (1) the image cropping robustness is enhanced; and (2) the rate of robustness improvement becomes slower. As shown by the curves of each N value, in those particular sections where R begins to drop, a larger N appears on the right side of those curves with a smaller N. For example: for each figure the curve in which N = 20 begins to drop near S = 0.9, while the curve in which N = 4 is near the line S = 0.6. Thus this phenomenon indicates that the robustness improvement is in accordance with the repeat of N. Additionally, the changed rate of the curves reveals a further interesting result. It can be deduced that when N becomes sufficiently large, the curves will then be reliably and sufficiently close to R = 1 and S = 1.
Based on the above results, new knowledge has been gained. Increasing watermark repeat times will definitely enhance the watermark robustness against image cropping attacks, however, embedding too much watermark information will cause significant distortions in remote sensing images. Hence, it is easily concluded that the robustness against image cropping can be enhanced by increasing the watermark repeat times to an appropriate value, or in other words, achieve the balance between robustness and imperceptibly.

The Relationship between Robustness R and Watermark Information Length L
In this experiment, the relationship between robustness R and watermark information length L is explored. For watermarking algorithms, the watermark may vary between a binary sequence with a length of less than 200 or a binary image with its length of more than 1024. Hence it is of importance to determine whether there is a strong connection between robustness and watermark information length. Based on the proposed computation model, N is set as 2, 4, 8 and L is set to 100, 200, 400, 800, and 1200 respectively. Figure 18 shows the robustness comparisons with different L.  From Figure 18, although L varies from 100 to 1200 in the three figures, only minor differences exist where the curves approaching R = 1 and R = 0. While the trends of those curves and the sections, where R begins to drop, are similar and close. Consequently, it is reasonable to infer that the watermark robustness is obviously not determined by watermark information length.
According to the above result, two conclusions are deduced as follows: (1) Increasing L alone, evidently cannot improve the associated robustness. Considering the watermark capacity limitation, L is suggested not be an excessively large number, for example, 1000 for a pseudo-random binary sequence; (2) The robustness computation of a large L can be estimated instead of a much smaller L. For example, in the above experiments, the curve of L = 1200 is very close to the curve of L = 400. By using this conclusion, the computation complexity is further reduced dramatically when L becomes large, which provide an efficient method to estimate the watermark robustness.

Discussion
From the experimental results of the proposed model verification, it can be seen that as long as the watermarking algorithm is consistent with the fundamental principles, the algorithmic robustness against image cropping attack can be determined by the proposed model theoretically. According to the properties of the proposed model, the calculation process has no relationship to experimental data, and avoids the computational resource cost of experiments. Hence, it provides a theoretical method to evaluate the robustness against image cropping attack. In specific applications of watermarking remote sensing images, the model helps the copyright owner consider how much of the image may be cropped and decide the parameters of watermarking algorithms. Especially for the massive data providers, the theoretical calculation saves much energy and cost compared to practical experiments.
Further applicability improvements have also been made by the deduction experiments based on the proposed model. The relationships among robustness index, watermark information length and watermark repeat times have been investigated and revealed by these experiments. Thus, these enlightenments can be used to facilitate the design of watermarking algorithms which obey the proposed watermarking principles. For example, considering the fidelity requirement of remote sensing images, the total embedded watermark bits, which equals L × N, are strictly restricted. To increase the robustness against image cropping for existing watermarking algorithms, it is significant to increase N and decrease L without causing prominent distortions at the same time. Another example may be when watermarking remote sensing images in the form of big data. In this situation, larger L, which is necessary for copyright identification, will increase the complexity and the time of robustness computation. From the experimental results, smaller L can be used to reduce the computation time and provide the efficient method to accurately estimate the robustness.
Another potential application of the proposed model may be the promotion on research on robustness computation models against other kinds of attacks. The analysis of other image attacks needs further and detailed study, hence some views discussed here are incomplete. Generally, image attacks can be divided into two categories: content/pixel attacks and geometric transformation attacks. For example, the attacks of contents include filtering, JPEG compression (a standard created by the Joint Photographic Experts Group), noise addition and so on, while the attacks of geometric transformation include rotation, scaling, other affine transformations and so on. We note that the process of geometric attacks, as the compound of image geometric transformation and image contents resampling, seem to be more complicated in robustness analysis comparing with attacks purely on contents. Among the attacks mentioned above, the analysis principles of image cropping attack are simpler as watermark synchronization of the remaining part keep correct. Further study may be conducted on the basis of principles proposed in this paper and combined with the characteristics of various attacks.

Conclusions
The objective of this study, which is to theoretically calculate the watermarking algorithmic robustness against image cropping attack for remote sensing images, has been realized. The proposed model comprises analysis principles deduced from well-designed watermarking algorithms, probability-based evaluation index and robustness computation method. The robustness results calculated by the proposed model have been compared to experimental ones, and the fact that errors are very small, demonstrate the effectiveness and accuracy of the proposed model. Furthermore, based on the proposed model, the relationships of the robustness, watermark information length and watermark repeat times have been deduced as long as the watermarking algorithms conforming to the proposed principles. The deductions can be used to optimize the watermarking algorithm parameters and enhance the robustness against image cropping. In summary, the proposed robustness computation model provides an effective method to analyze and calculate the watermarking algorithmic robustness, and it can be adopted to facilitate the improvement of watermark robustness. Further work will attempt to analyze other types of attacks on remote sensing images and extend the applicability of robustness computation model for them.

Conflicts of Interest:
The authors declare no conflict of interest.