High-Precision Authentication Scheme Based on Matrix Encoding for AMBTC-Compressed Images

: In this paper, a high-precision image authentication scheme for absolute moment block truncation coding (AMBTC)-compressed images is presented. For each block, two sub-bitmaps are conducted using the symmetrical separation, and the six-bit authentication code is symmetrically assigned to two sub-codes, which is virtually embedded into sub-bitmaps using the matrix encoding later. To overcome distortion caused by modiﬁcations to the bitmap, the corresponding to-be-ﬂipped bit-location information is recorded instead of ﬂipping these bits of the bitmap directly. Then, the bit-location information is inserted into quantization levels based on adjusted quantization level matching. In contrast to previous studies, the proposed scheme o ﬀ ers a signiﬁcantly improved tampering detection ability, especially in the ﬁrst hierarchical tampering detection without remediation measures, with an average tampering detection rate of up to 98.55%. Experimental results show that our approach provides a more stable and reliable tampering detection performance and sustains an acceptable visual


Introduction
Recently, as engineering technology has rapidly developed, the performance of computers has become increasingly stronger in terms of computing ability, storage capacity, etc.At the same time, the higher transmission capacity offered by wired/wireless networks allows users to share data anywhere, anytime.Obviously, digital images can be conveniently and transparently transmitted via the Internet; however, the Internet cannot always promise reliable and secure transmission, since it is openly accessible.In other words, it is easy for an intruder to intercept data transmitted over the Internet and then corrupt them, intentionally or non-intentionally.For example, attackers can insert vulgar words into a digital image in an imperceptible manner.Such malicious behavior presents a huge challenge to the security, usability, and integrity of personal information.Therefore, it is urgent to protect the integrity and verifiability of the digital image.Under this scenario, it is expected that a technique is provided to solve this problem.
Researchers have conducted a series of scientific studies on image authentication.Roughly, authentication methods can be classified into two categories: Digital signature-based methods [1][2][3][4] and digital watermark-based methods .Generally, the digital signature-based method performs Symmetry 2019, 11, 996 3 of 24 92.13%.In 2009, Jiang et al. [21] proposed a fragile watermarking method that inserts the authentication code into the host image according to the parity of the reconstruction levels of the BTC quantizer.In 2011, Yang and Lu [22] proposed an image authentication method using BTC.Their authentication code is embedded into the block according to the odevity of the number of '1's in the bitmap.If the authentication code bit is '1', the number of '1's in the bitmap is made odd by changing, at most, the three-pixel value of the block.If the authentication code bit is '0', the number of '0's in the bitmap is modified following a similar rule.In the tampering detection phase, the authentication code can be extracted according to the odevity of the number of '1's in each block.In 2013, Hu et al. [23] proposed a fragile watermarking method based on AMBTC.In their approach, the authentication code is derived using a pseudo-random generator.For each block, the corresponding bitmap is further divided into k sub-bitmaps with the same size.Then, based on the idea of bit-flipping in [35], each sub-bitmap is used to carry a one-bit authentication code by adjusting the parity of the number of '1's to make it equal to that of the one-bit authentication code.Moreover, to achieve the better image quality, the most suitable flipping bit was determined using the least distortion criterion [24].Besides, two quantization levels are recomputed to further improve the quality of the compressed image block.The renewed AMBTC compression codes are further compressed using the linear prediction technique and the Huffman coding technique to cut down the storage cost of the AMBTC compression codes.Among these methods [22,23], weaknesses have been noted, in that changing the bitmap may further distort reconstructed image quality.
To solve this problem, Hu et al. [25] in 2013 proposed another image authentication scheme for BTC-compressed images.For each image block, the AC was thus embedded into quantization levels by adjusting the k-bit parity value of their difference to be the same as the k-bit AC.In 2014, Nguyen et al. [26] discovered the mean square error provided by scheme [25] was increased because of adjustment of the quantization levels.Thus, a reference table was designed to carry the AC to achieve a better image quality.The PSNR provided by their scheme is around 32.43 dB.In the same year, Lin et al. [27] adopted the odevity of the bitmap of AMBTC compression codes to derive the authentication code and then inserted the authentication code into the quantization levels.To enhance the security of the authentication code, the embedding position of the authentication code would be selected with the aid of a pseudo-random sequence.For tampering detection, a two-hierarchy tampering detection strategy is employed to increase performance.In the end, 15 of 16 tampered blocks can be successfully detected when each block carries a four-bit authentication code.Compared to Hu et al. [23], the method proposed by Lin et al. [27] has better visual quality and good detection accuracy.In 2016, Li et al. [28] proposed a novel image authentication scheme to verify the integrity of the AMBTC-compressed image.For each block, the authentication code is inserted into the quantization levels according to the determined reference matrix.The length of the to-be-inserted authentication code can be flexibly decided as the user requires.In this way, their true detection ratio is close to 93.75%, while the authentication code is designed as four bits.For these schemes [25][26][27][28], there is room for improvement in detecting the compression codes' attack and collage attack.
To achieve this goal, in 2017, Lin et al. [29] proposed a hybrid image authentication method to protect the integrity of the AMBTC-compressed image.To begin with, they considered the bitmap of the smooth area rather than the complex area as more suitable for parity-check coding [36].Hence, their scheme first classified the image's blocks into two groups: Smooth and complex.For the smooth group, they forced the parity of the sub-bitmap to match that of the to-be-embedded authentication bit using the bit-flipping technique.For the complex block, on the other hand, the authentication code is embedded into the quantization levels according to a reference table.The different traversal sequence, decided by the number of '1's in a bitmap, is chosen as the hiding sequence to carry the authentication code.In the tampering detection phase, a hybrid strategy is used to ensure superior localization accuracy along with better visual image quality.Experimental results confirm Lin et al.'s scheme outperforms previous schemes on the image quality of watermarked images and tamper detection.However, it is a little regrettable that the scheme [29] did not completely solve the compression codes' attack.Hence, in 2018, Hong et al. [30] proposed an efficient image authentication method for AMBTC-compressed images using adaptive pixel pair matching.In their scheme, image blocks are classified into edge and non-edge blocks using a predetermined threshold.For each block, the bitmap and location information are inputted into a hashing function to generate the authentication code.The length of the authentication code ranges from one to four bits and can be flexibly determined, according to the type of image block.Then, the authentication code is embedded into the quantization levels using an adaptive reference table.Their scheme significantly reduces image distortion caused by embedding the authentication code and provides a lower false detection rate, averaging at 0.17%.However, their embedding strategy could break the natural relationship between high and low quantization levels; thus, it can only confirm the authenticity of AMBTC compression codes rather than being effective for AMBTC-compressed images.Additionally, their embedding strategy does not always guarantee the minimum distortion for an embedded edge block because a predetermined distance between two quantization levels must be maintained after authentication code embedding.
The same year, Hong et al. [31] proposed two image authentication schemes, i.e., LSBP and MSBP, for tampering detection for AMBTC compression codes.For each block, their schemes can embed an (a + b)-bit authentication code generated from the bitmap and quantization levels' MSBs.LSBP is a strategy that embeds the a-bit authentication code into a high quantization level and the b-bit authentication code into a low quantization level using LSBs replacement.Due to the rough embedding strategy, MSBP is suggested to minimize distortion using an MSBs perturbation technique.Their schemes have the ability to achieve a tampering detection rate of more than 93.75%.However, in a few cases, their scheme fails to authenticate the watermarked image due to having broken the natural correlation between quantization levels.
Table 1 gives summaries of those authentication schemes [23,[25][26][27][28][29][30][31].In short, some of them [26,[28][29][30] need to store a reference matrix during the AC embedding and authentication phase, and some schemes [23,[25][26][27][28][29] have a limitation against the compression codes' attack or collage attack.Also, most existing methods [23,[26][27][28][29][30] have the weakness that the upper bound of their first hierarchical tampering detection accuracy is around 93.75%.Hence, most of them employ a second hierarchical tampering detection strategy, such as neighborhood elimination, to improve the tampering detection rate.To overcome those problems, this paper proposes a novel image authentication scheme that protects the integrity of both AMBTC compression codes and AMBTC-compressed images.The proposed scheme does not need a reference matrix during AC embedding and extraction and can resist both the compression codes' attack and collage attack.Our approach achieves a higher tampering detection rate in the first hierarchical tampering detection round without a remediation mechanism and sustains acceptable visual quality.[23,[25][26][27][28][29][30][31].

Requirement of Reference Matrix Main Limitation
Scheme in [23]

No Compression codes' attack, Collage attack
Scheme in [25] 96.87No Scheme in [26] 93.75 Yes Scheme in [27] 93.75No Scheme in [28] 93.75 Yes Scheme in [29] 93.75 Yes Compression codes' attack Scheme in [30] 93.75 Yes More computation Scheme in [31] 98.The rest of this paper is organized as follows: We briefly review related works in Section 2, including AMBTC compression technology and matrix encoding; in Section 3, we describe the proposed Symmetry 2019, 11, 996 5 of 24 scheme in detail; in Section 4, we perform a series of experiments to show the performance of our approach; finally, we provide conclusions in Section 5.

Related Works
In this section, we first introduce the AMBTC compression technique for an image in Section 2.1 and then look at the matrix encoding for data hiding in Section 2.2.

AMBTC Compression
In some cases, to increase the speed of transmission, users have to reduce the size of the digital image in advance with compression techniques, whether lossy or lossless.AMBTC is a widely used compression technology due to its simple computation [33].Meanwhile, AMBTC is a variation of BTC [34] with better reconstructed image quality.Assume there is a to-be-compressed image, I, of X × Y pixels.The image, I, is thus divided into x • y non-overlapping blocks, with the size of each block being w × w pixels.In general, w is set to 4 in both BTC and AMBTC.Assume p (1, 1) , p (1, 2) , . . ., p (1, w) ; p (2, 1) , p (2, 2) , . . ., p (2, w) ; . . .; p (w, 1) , p (w, 2) , . . ., p (w, w) are the pixel values of each block.The detailed process of AMBTC compression is described as follows.First, the average, µ, of those pixels' values in a block is calculated by: where p (r, c) is the pixel value of a block in the to-be-compressed image, I.
According to the average value, µ, the pixels in a block can be partitioned into two subgroups according to the following rules: where 1 ≤ r, c ≤ w, G S0 is a subgroup that contains all pixels whose values are lower than the average value, µ, and G S1 is a subgroup that contains the pixels not included in G S0 .Later, the average value for each subgroup is calculated as follows: where k 0 , k 1 are the numbers of pixels in the subgroups, G S0 , G S1 , respectively, and Here, h is the high quantization level and l is the low quantization level.A bitmap (bm) for the current block is generated based on the following rules: (1) If the pixel belongs to the subgroup, G S0 , its corresponding position in the bitmap is marked '0'; (2) if the pixel belongs to the subgroup, G S1 , its corresponding position in the bitmap is marked '1'.The generation rule for the bitmap is described as follows: In this way, the AMTBC compression code for one block is derived in the form of a trio (h, l, bm).On the receiving side, the decoding process is quite simple.A reconstructed block can be derived based on the following rules: Symmetry 2019, 11, 996 6 of 24 where p (r,c) is the pixel value of the reconstructed image.Once all blocks have been processed by Equation ( 6), the reconstructed image is obtained.

The Matrix Encoding
The (7,4) Hamming code [37,38] was invented in 1950 by Richard Hamming as a linear error-correction code.The basic idea of the (7,4) Hamming code is that some attached information, i.e., three parity check bits, are added to the original four-bit data.As a result, the recipient can detect and correct a single-bit error with the help of the parity check matrix, H, as shown in Equation (7).The result of the equation (H × RCW T ) T indicates where the error bit occurs, with RCW representing the received codeword.Assume a codeword that meets the verification rules is CW = (1101001), and the received codeword is RCW = (1100001), and the syndrome vector, z T = (100) T , is equal to the fourth column of the parity check matrix, H.This means that a single-bit error is detected and the error bit in this RCW is in the fourth position.
Based on the (7, 4) Hamming code, Ron Crandall proposed an efficient embedding method known as matrix encoding [39].In matrix encoding, for a (1, n, k) code, the n modifiable bit-places are used to carry the k-bit secret message by flipping at most one modifiable place, where n = 2 k − 1.In this paper, we pay more attention to the (1, 7, 3) code.
First, a coset of the (7, 4) Hamming code with a parity check matrix, H, is constructed, as shown in Table 2. To show the embedding process intuitively, an example is given as follows.Let us assume the to-be-embedded message is S = (s 1 , s 2 , s 3 ) and the cover vector is CV = (c 1 , c 2 , c 3 , c 4 , c 5 , c 6 , c 7 ).The details of the embedding process are as follows.
Step 1: Compute M = H × CV T T to derive vector M.
Step 2: Calculate the syndrome vector, z = M ⊕ S.
Step 3: Search for the same syndrome value as z in Table 2, then the gth column can be located, where 0 ≤ g ≤ 7. The corresponding identifier (ID) is also g, which is the to-be-flipped bit-location later in this paper.At the same time, the corresponding coset leader vector is mapped as e g .Step 4: Change the gth bit of the cover vector CV by CV = CV ⊕ e g .Note that if the syndrome value, z = (000) or g = 0, then there is nothing to be changed; that is, CV = CV.
Finally, the embedding process ends and CV carries the three-bit secret message.The decoding process is simple, using S = H × (CV ) T T , where S is the extracted message and is the same as the secret message S, as long as no error occurred.
For example, assume S = (101) and CV = (1101001).The computed M is (000) and the syndrome z is (101).By searching Table 2, the fifth column is located, ID = 5 is found, and its corresponding coset leader, e 5 = (0000100), is determined.Finally, the embedding process is carried out and the cover vector, CV, is changed to CV = (1101101).For the recipient, the secret, S , can be extracted by That is to say, the seven-bit cover vector can carry the three-bit message by changing at most one bit.

Proposed Scheme
To increase the tampering localization accuracy after the first hierarchical tampering detection, the bitmap carries more authentication code for each block using the matrix encoding scheme.Meanwhile, to overcome the distortion caused by changing the bitmap, the corresponding to-be-flipped bit-location information, G, is recorded instead of flipping this bit of the bitmap directly.Then, this bit-location information is embedded into the quantization levels based on adjusted quantization level matching.Finally, a flowchart of the authentication code generation and embedding is shown in Figure 1.Besides, to better present the proposed scheme, the main symbols used in this paper and their definitions are listed in Table 3.
value, z = (000) or g = 0, then there is nothing to be changed; that is, CV' = CV.
Finally, the embedding process ends and CV' carries the three-bit secret message.The decoding process is simple, using

S H CV 
, where S' is the extracted message and is the same as the secret message S, as long as no error occurred.For example, assume S = (101) and CV = (1101001).The computed M is (000) and the syndrome z is (101).By searching Table 2, the fifth column is located, ID = 5 is found, and its corresponding coset leader, e5 = (0000100), is determined.Finally, the embedding process is carried out and the cover vector, CV, is changed to CV' = (1101101).For the recipient, the secret, S', can be extracted by . That is to say, the seven-bit cover vector can carry the three-bit message by changing at most one bit.

Proposed Scheme
To increase the tampering localization accuracy after the first hierarchical tampering detection, the bitmap carries more authentication code for each block using the matrix encoding scheme.Meanwhile, to overcome the distortion caused by changing the bitmap, the corresponding to-beflipped bit-location information, G, is recorded instead of flipping this bit of the bitmap directly.Then, this bit-location information is embedded into the quantization levels based on adjusted quantization level matching.Finally, a flowchart of the authentication code generation and embedding is shown in Figure 1.Besides, to better present the proposed scheme, the main symbols used in this paper and their definitions are listed in Table 3.    Bit-location information of a block ac Authentication code for a block

AMBTC Compression and Preprocessing Phase
In this paper, the original image, I, is divided into non-overlapping blocks, and then the AMBTC compression technique as mentioned in Section 2.1 is performed for image block compression.As a result, AMBTC compression codes are derived and denoted as (H, L, BM), where H, L, and BM represent the sets of high quantization level, low quantization level, and bitmap, respectively.For convenience, let us assume (h, l, bm) is a triple of AMBTC compression codes for one block.The preprocessing of the AMBTC compression code for a block is done as follows: Symmetry 2019, 11, 996 where u and v are constants, and ĥ, l, and b m are the high quantization level, low quantization level, and bitmap of a preprocessed AMBTC compression code, respectively.After all blocks have been preprocessed in the same way, the preprocessed AMBTC compression codes ( Ĥ, L, B M) were obtained.Note that the bm (u, v) should not be used in the embedding procedure.In our experiments, (u, v) is set to (3, 1), based on experimental results.We preprocess to check whether the h is equal to l.If it is, the bits in the bm are all equal to '1' and the preprocessing should thus be conducted; otherwise, nothing should be done.Preprocessing ensures the recipient can obtain the same AMBTC compression codes from the reconstructed image, as long as no malicious attack occurs.Two examples of preprocessing are the red dotted squares shown in Figure 2. In Figure 2a, since h is not equal to l, the AMBTC compression code remains the same ĥ, l, b m = (h, l, bm).Meanwhile, in Figure 2b, since h is equal to l, the AMBTC compression code is Symmetry 2019, 11, x FOR PEER REVIEW 10 of 24 Step 3. Calculate the factors for ĥ and ˆl for the current block by: where fh and fl represent the factors of ĥ and ˆl , respectively.Step 4. Calculate the remaining values for ĥ and ˆl for the current block by: where rvh and rvl represent the remainder values of ĥ and ˆl , respectively.Step 5. Perform adjusted quantization level matching-based data hiding.If the remainder, rvh, is equal to g1, the matching work of ĥ is done; otherwise, the candidates at the quantization level, ĥ , should be adjusted by:

Authentication Code Generation Phase
After the processed AMBTC compression code is generated, for each block, our approach generates a six-bit authentication code by feeding the block's b m and location information into a hash function.This six-bit authentication code is further separated into two three-bit sub-codes, which are embedded into the bitmap using matrix encoding.Let us assume that the binary form of a six-bit authentication code is ac = (ac 1 , ac 2 , ac 3 , ac 4 , ac 5 , ac 6 ); the first three-bit sub-code is then defined as ac 1 = ac 1  1 , ac 1 2 , ac 1 3 = (ac 1 , ac 2 , ac 3 ) and the second three-bit sub-code as ac 2 = ac 2 1 , ac 2 2 , ac 2 3 = (ac 4 , ac 5 , ac 6 ).

Embedding Phase
The flowchart of the authentication code embedding phase is shown in Figure 1.First, the authentication code is embedded into the bitmap.In fact, we only record the to-be-flipped bit-location information.No modification has been done in bm, as will be described in Section 3.3.1.Second, the to-be-flipped bit-location information is inserted into the two quantization levels, as will be described in Section 3.3.2.

The Matrix Encoding Based Data Hiding
After authentication code generation and AMBTC compression codes' preprocessing, the authentication code will be embedded into the bitmap for each block.The algorithm of the embedding process is described as follows.
Input: Original image, I.
Output: To-be-flipped bit-location information, G.
Step 1. Divide the original image, I, into non-overlapping blocks by a size of 4 × 4 pixels.
Step 2. Generate the AMBTC compression codes (H, L, BM) for the image, I, as explained in Section 2.1.
For each block, assume its preprocessed AMBTC compression code is ( ĥ, l, b m).
Step 5. Perform matrix encoding, as explained in Section 2.2, to embed the first three-bit sub-code, ac 1 , into the first cover vector, CV 1 , then derive the to-be-flipped bit-location, g 1 .The second three-bit sub-code, ac 2 , is embedded into the second cover vector, CV 2 , and then used to derive the to-be-flipped bit-location, g 2 .Note that we only record the to-be-flipped bit-location information but nothing is modified for the bm.Hence, for each block, two-tuple location information (g 1 , g 2 ) can be derived.Step 6. Perform Steps 2 to 5 until all blocks have been processed.
Step 7. Output all location information (g 1 , g 2 ) for each block to the to-be-flipped bit-location information, G.
After matrix encoding is completed, the to-be-flipped bit-location information, G, is obtained.We provide two examples to demonstrate the generation of the to-be-flipped bit-location information, as shown in Figure 2. In Figure 2a, the first seven bits of bm are recombined as the first cover vector, CV 1 , shown in purple.The last seven green bits comprise the second cover vector, CV 2 .Later, matrix encoding is conducted, as described in Section 2.2, and then the two-tuple location information (g 1 = 3, g 2 = 4) will be derived and used as the to-be-hidden message in the next section.In this case, the AMBTC compression code is not changed.Similarly, Figure 2b presents a special case, i.e., h is equal to l and all bits in bm are 1.Thus, the preprocessing of the AMBTC compression code should be done, as described in Section 3.1; i.e., l is decreased by 1 and the bm (3,1) is set to 0. In this case, l and bm are slightly modified.Also, two-tuple location information (g 1 = 2, g 2 = 5) will be derived and used as the to-be-hidden message in the following phase.The yellow grid represents the chosen bm (3,1) , as described in Section 3.1.

Adjusted Quantization Levels Matching Based Data Hiding
After the matrix encoding procedure, the two-tuple to-be-flipped bit-location information, G, is individually inserted into two quantization levels.The algorithm of the adjusted quantization level matching-based data hiding is described as follows.
Step 1. Get a triple ( ĥ, l, b m) for one block from preprocessed AMBTC compression codes ( Ĥ, L, B M).
Step 2. Get the corresponding to-be-flipped bit-location information (g 1 , g 2 ) for this block from G.
Step 3. Calculate the factors for ĥ and l for the current block by: where f h and f l represent the factors of ĥ and l, respectively.Step 4. Calculate the remaining values for ĥ and l for the current block by: rv h = ĥ mod 2 3 , where rv h and rv l represent the remainder values of ĥ and l, respectively.Step 5. Perform adjusted quantization level matching-based data hiding.If the remainder, rv h , is equal to g 1 , the matching work of ĥ is done; otherwise, the candidates at the quantization level, ĥ, should be adjusted by: where h 1 and h 2 are the candidates at the quantization level, ĥ.Here, if h 2 is lower than zero or higher than 255, h 2 must be set to h 1 .Similarly, if the remainder, rv l , is equal to g 2 , the matching work of l is done; otherwise, the candidates at the quantization level, l, should be adjusted by: where l 1 and l 2 are the candidates at quantization level l. l 2 must be set to l 1 if l 2 is lower than zero or higher than 255.Step 6.Let h cf = h a and l cf = l b be the final, selected solution under the constraint of the least distortion, dist (a,b) , which can be calculated by: where Besides, in a few cases, this situation may happen, that is, h cf will be equal to l cf , then h cf or l cf will be forced to be justified once again by the following rule: Step 7. Perform Steps 1 to 6 until all blocks have been processed.
Step 8. Output the watermarked AMBTC compression code for each block, and the watermarked image, WI, is achieved.Step 9. End.
An example is given to show the detailed processing of the adjusted quantization level matchingbased data hiding in Figure 3. Here, for convenience, we assume dist (1,1) is the least distortion after calculation using Equation (13) in this example. where Besides, in a few cases, this situation may happen, that is, hcf will be equal to lcf, then hcf or lcf will be forced to be justified once again by the following rule: Step 7. Perform Steps 1 to 6 until all blocks have been processed.
Step 8. Output the watermarked AMBTC compression code for each block, and the watermarked image, WI, is achieved.Step 9. End.
An example is given to show the detailed processing of the adjusted quantization level matching-based data hiding in Figure 3. Here, for convenience, we assume dist(1,1) is the least distortion after calculation using Equation (13) in this example.

Tampering Detection Phase
Once the recipient receives the watermarked image, WI, or the watermarked AMBTC compression codes, the precise tampering detection can be done in respect to whether the tampering occurred or not. Figure 4 depicts the flowchart of tampering detection.First, the bit-location

Tampering Detection Phase
Once the recipient receives the watermarked image, WI, or the watermarked AMBTC compression codes, the precise tampering detection can be done in respect to whether the tampering occurred or not. Figure 4 depicts the flowchart of tampering detection.First, the bit-location information is extracted from the AMBTC compression codes.Then, the authentication code is calculated and reconstructed.Finally, the extracted and recalculated authentication code are compared to determine whether each block has been tampered with.information is extracted from the AMBTC compression codes.Then, the authentication code is calculated and reconstructed.Finally, the extracted and recalculated authentication code are compared to determine whether each block has been tampered with.

Extraction of Bit-Location Information
The algorithm for bit-location information extraction is described as follows.
Step 1. Divide the watermarked image, WI, into non-overlapping blocks by a size of 4 × 4 pixels.
Step 2. Perform the AMBTC compression technique for one block to derive the corresponding AMBTC compression code (h', l', bm').Step 3. Extract the bit-location information (  g ) for this block by the following equation: Step 4. Perform Steps 2 and 3 until all blocks have been processed.
Step 5. Output all location information (  g ) for each block to provide the bit-location information, G'.Step 6. End.
An example of bit-location information extraction is given in Figure 5a.

Extraction of Bit-Location Information
The algorithm for bit-location information extraction is described as follows.Input: Watermarked image, WI.Output: Bit-location information, G .
Step 1. Divide the watermarked image, WI, into non-overlapping blocks by a size of 4 × 4 pixels.
Step 2. Perform the AMBTC compression technique for one block to derive the corresponding AMBTC compression code (h', l', bm').
Step 3. Extract the bit-location information (g 1 , g 2 ) for this block by the following equation: Step 4. Perform Steps 2 and 3 until all blocks have been processed.
Step 5. Output all location information (g 1 , g 2 ) for each block to provide the bit-location information, G .
An example of bit-location information extraction is given in Figure 5a.Step 4. Perform Steps 2 and 3 until all blocks have been processed.
Step 5. Output all location information (  g ) for each block to provide the bit-location information, G'.Step 6. End.
An example of bit-location information extraction is given in Figure 5a.

Extraction of the Authentication Code
The algorithm of authentication code extraction is described as follows.Input: AMBTC compression codes (H', L', BM'), bit-location information, G .Output: Extracted authentication code, EAC.
Step 2. Get a tuple bit-location information (g 1 , g 2 ) for the corresponding block from G .
Step 3. Recombine the first seven bits of bm' as the first cover vector, CV 1 = cv 1 1 , cv 1 2 , cv 1 3 , cv 1 4 , cv 1 5 , cv 1 6 , cv 1 7 .Recombine the last seven bits of bm' as the second cover vector, Step 4. Flip the g 1 th bit for the first cover vector, CV  .Note that if g 1 or g 2 is equal to zero, the corresponding flipping operation is skipped.In Figure 5b, the red digit represents the flipped bit-location.
Step 5. Extract the authentication code.Two three-bit sub-codes ( ac 1 , ac 2 ) can be computed by: Then, the six-bit authentication code, ac, can be derived by: Step 6. Perform Steps 1 to 5 until all blocks have been processed.
Step 7. Output the authentication code, ac, for each block to provide the extracted authentication code, EAC.
Step 8. End. Figure 5b shows an example of authentication code extraction.

Tampering Detection
The algorithm of the tampering detection is described as follows.Input: Extracted authentication code, EAC.Output: Tampered map, TM.
Step 1. Generate the authentication code, as mentioned in Section 3.2, and denote it as RAC.
Step 2. Get an authentication code for one block from RAC and denote it as R ac '.
Step 3. Get an authentication code for the corresponding block from EAC and denote it as E ac '.
Step 4. Mark the tampered map, TM, according to the comparison results of R ac ' and E ac '.If they are equal, the corresponding position of TM is marked as '0', which means the current block is valid; otherwise, it is marked as '1', which indicates the current block is invalid.Step 5. Perform Steps 2 to 4 until all blocks have been processed.
Step 6.Output the tampered map, TM.
Without loss of generality, a second hierarchical tampering detection algorithm [29,30] is also provided in our experiments.This improves the tampering detection rate, even if excellent detection performance is already offered by the first hierarchical tampering detection algorithm.

Experimental Results
In this section, a series of experiments and analyses are performed to demonstrate the performance of the proposed method.All experiments were implemented in Matlab R2017a on a PC with Intel ® Core (TM) i7-3770 CPU @3.4 GHz, 8 GB RAM (Intel Corporation, Santa Clara, CA, USA).Nine classic grayscale images with the size of 512 × 512 served as test images, as shown in Figure 6.Several attacks were employed to test the performance of our proposed scheme on tampering detection, including cropping attack, constant average attack, collage attack, and AMBTC compression codes' attack.All test images were compressed using the AMBTC compression technique with the size of 4 × 4 pixels.

Statistical Metrics
The following statistical metrics were utilized to demonstrate the superior performance of our approach.
(a) Peak signal-to-noise ratio (PSNR) [14]: Measures the difference between the watermarked image and the original image: (b) Tampering detection rate (TDR) [14]: Measures the percentage of tampered pixels detected in a tampered area:

Statistical Metrics
The following statistical metrics were utilized to demonstrate the superior performance of our approach.
(a) Peak signal-to-noise ratio (PSNR) [14]: Measures the difference between the watermarked image and the original image: ), (18) where X × Y is the size of an image; p wi (i, j) represents the pixel value of the watermarked image, and p oi (i, j) represents the pixel value of the original image.
(b) Tampering detection rate (TDR) [14]: Measures the percentage of tampered pixels detected in a tampered area:

TDR =
No. of detected tampered pixels All pixels in tampered region .
(c) False positive rate (FPR) [14]: Measures the percentage of non-tampered pixels misjudged as tampered, among all tampered pixels:

Tampering Detection Analyses
In our experiments, we performed more than 14 kinds of attacks to show the stable and reliable localization ability and superior performance of the first hierarchical tampering detection algorithm.The details are as follows.

Cropping Attack
We used three grayscale images, Lena, Elaine, and woman, to simulate the cropping attack.Their watermarked images are shown in Figure 7a-c, with PSNRs of 31.99,32.41, and 35.03 dB, respectively.The tampered Lena image is shown in Figure 7d, with some inside blocks cropped with a rectangle.The corresponding tampering detection result using the first hierarchical tampering detection method is shown in Figure 7g, with a TDR of 98.75%.The tampered Elaine image is attacked by outside cropping within the larger area, as shown in Figure 7e.The corresponding tampering detection result delivered by the first hierarchical tampering detection algorithm is shown in Figure 7h, with a TDR of 98.60%.Finally, we employed an inside cropping attack with an irregular shape to replace some blocks of the watermarked woman image, as shown in Figure 7f.Certainly, the proposed scheme achieves a high tampering detection rate, with a TDR of 98.99%.Thus, our approach achieves superior detection and localization to both the inside cropping attack and the outside cropping attack.The First Hierarchical Tampering Detection Results (%) The Second Hierarchical Tampering Detection Results (%) Furthermore, the tampering detection performance for the cropping attack is demonstrated in Table 4.As we can see, after the first hierarchical tampering detection algorithm, the number of tampered blocks for the tampered Lena, Elaine, and woman images are 949, 5620, and 293, respectively.Our approach achieves a high TDR, with an average of 98.78%, and a low FPR and FNR, with averages of 0 and 0.3356, respectively.Additionally, a second hierarchical tampering detection strategy was used in this paper, and the corresponding detection performance is shown in Table 4. Here, the TDR is close to 100% and the FNR and FPR are close or equal to 0. Two watermarked images using our proposed scheme, Zelda and baboon, are shown in Figure 8a,d, with PSNRs of 35.07 and 27.78 dB, respectively.The constant average attack is an attack that replaces all pixels of one block with the average value of the current block.Figure 8b shows the tampered Zelda image.Within a 2 × 2 block, all pixels are modified by the mean value.As we can see, it is difficult to identify the change visually.The corresponding tampering detection result using the first hierarchical tampering detection method is shown in Figure 8c, with a TDR of 96.42%.Figure 8e shows the tampered baboon image under the constant average attack.Within a 4 × 4 block, all pixels are replaced by the mean value.The corresponding tampering detection result from the first hierarchical tampering detection algorithm is shown in Figure 8f, with a TDR of 99.02%.detection strategy was also employed, and the corresponding detection performance is rather good.For both, the TDR is close to 100% and the FPR and FNR are close to 0. Table 5. Tampering detection performance of the constant average attack.

Number of Tampered Blocks
The First Hierarchical Tampering Detection Results (%) The Second Hierarchical Tampering Detection Results (%) Meanwhile, Table 5 shows the tampering detection performance of the constant average attack.As we can see, after the first round of hierarchical tampering detection, the TDR of the four experiments is higher than 96.42% and there is low FNR and FPR.The second hierarchical tampering detection strategy was also employed, and the corresponding detection performance is rather good.For both, the TDR is close to 100% and the FPR and FNR are close to 0. In this section, an image is tampered with by copying image blocks from other watermarked images and pasting them into arbitrary positions in the watermarked image; this is called a collage attack.In Figure 9, we can see the watermarked images of lake, peppers, boat, and couple, with PSNRs of 29.88, 32.15, 30.89, and 30.38 dB, respectively.The first example of collage attack, shown in Figure 9c, is generated by copying the vegetables from Figure 9b into Figure 9a while preserving their relative spatial locations.After the first hierarchical tampering detection, the corresponding tampering detection result is shown in Figure 9d, with a TDR of 98.45%.Similarly, we copied some blocks from the watermarked couple image, shown in Figure 9f, into the watermarked boat image, shown in Figure 9e on the bottom left.The tampered boat image is presented in Figure 9g.Verification was performed using our tampering detection approach, with a TDR of 98.59%, as shown in Figure 9h.The First Hierarchical Tampering Detection The Second Hierarchical Tampering Detection Table 6 lists the detailed tampering detection performance of the proposed scheme.The tampering detection rate reaches 98%, with an FPR of 0 and a lower FNR.Furthermore, a two-hierarchy tampering detection strategy was also employed on this kind of attack, resulting in superior tampering detection, as shown in the last three columns of Table 6.In this section, kinds of experiments are performed to test the tampering detection performance of the AMBTC compression codes' attack.We applied these attacks to the original 512 × 512 Lena image.

(a) Attack the quantization levels
We first tampered with either the high quantization level or the low quantization level of the 120 × 120 AMBTC compression codes, illustrated in Figure 10a.The modification is so natural that it is impossible to identify visually.Figure 10e shows the detection result obtained after the first hierarchical tampering detection, with a TDR of 100%.The corresponding experimental results appear in Table 7.We also simply tampered with the bitmap of the 120 × 80 AMBTC compression codes, shown in Figure 10c.Again, it is hard to notice any change to the Lena image.The tampered area is around Lena's face, and Figure 10g shows the tampering detection result after the first hierarchical tampering detection, with a TDR of 100%.Some experimental results are listed in the fifth row of Table 7.Secondly, based on the experiment of attacking the quantization levels, at the same time, we tried to copy and paste a flower onto Lena's shoulder, as shown in Figure 10b.It is not easy to detect the attack under this scenario.The corresponding tampering detection result using the first hierarchical tampering detection method is shown in Figure 10f, with a TDR of 99.42%.Other statistical parameters are listed in the fourth row of Table 7.We also simply tampered with the bitmap of the 120 × 80 AMBTC compression codes, shown in Figure 10c.Again, it is hard to notice any change to the Lena image.The tampered area is around Lena's face, and Figure 10g shows the tampering detection result after the first hierarchical tampering detection, with a TDR of 100%.Some experimental results are listed in the fifth row of Table 7.
(d) Attack the bitmap and copy/paste a flower We now tampered with the Lena image by modifying the bitmap and adding a flower near her shoulder, as illustrated in Figure 10d.The tampering detection result delivered by our approach is shown in Figure 10h, with a TDR of 99.22%.In Table 7, the sixth row shows the detailed detection results, with lower FPR and FNR.
In summary, we implemented multiple experiments to test the performance of our proposed tampering detection scheme, including the cropping attack, constant average attack, collage attack, and AMBTC compression codes' attacks.After the first hierarchical tampering detection, our proposed scheme can offer a high TDR along with low FPR and FNR for all kinds of attacks.

Performance Comparisons
Table 8 compares the PSNRs of the reconstructed images by using the original AMBTC compression codes and watermarked AMBTC compression codes generated through our proposed scheme.The watermarked images have a few more distortions than the image reconstructed using the original AMBTC compression codes.The average PSNR of the watermarked image using our approach is around 31.66 dB; in other words, we sustained acceptable visual quality while achieving highly accurate tampering detection.[30], and the proposed scheme are four, four, and six, respectively.Thus, the proposed scheme obtains higher tampering detection accuracy than the other two with the assistance of one six-bit authentication code per block.The experimental results provide the expected effect; that is, the average TDR of our proposed scheme is about 98.55% in the first hierarchical tampering detection procedure, which is about 4.8% higher than those of Lin et al.'s scheme [29] and Hong et al.'s scheme [30].In other words, our approach can offer a more stable and reliable tampering detection performance.In Lin et al.'s scheme [29] and Hong et al.'s scheme [30], the stego-images' quality with the four-bit authentication code has average PSNRs of 33.07 and 32.33 dB, respectively.Also, we can observe that Hong et al.'s scheme [31] proposes two embedding strategies that can embed an eight-bit authentication code into each block, resulting in a TDR of 99.61% and average PSNRs of 28.92 and 29.84 dB.Meanwhile, with the same size of the authentication code, i.e., six bits, our proposed scheme and the Hong et al. scheme [31] have the same effect with respect to the TDR.The average PSNR of our approach is 0.39 dB higher than that of the LSBP scheme and 0.05 dB lower than that of the MSBP scheme.Hong et al.'s scheme tries at least six possible combinations to find the minimal distortion during authentication code embedding with MSBP.Therefore, it can be concluded they maintain image quality at the cost of execution efficiency.Also, a large proportion of image authentication methods employ multi-hierarchical tampering detection strategies as a remedial measure to improve their TDR.In Table 9, we report the detection performance offered by Lin et al.'s scheme [29], Hong et al.'s scheme [30,31], and the proposed scheme.The four schemes had very similar tampering detection rates after the second hierarchical remediation measure.However, our proposed scheme outperforms the others when considering tampering detection performance and the image quality of the watermarked images from the first hierarchical tampering detection.Table 10 summarizes comparisons between the proposed scheme and other work [29][30][31].It can be observed that Lin et al.'s scheme generates an authentication code by using a pseudo-random generator, while Hong et al.'s scheme [30] and the proposed scheme do so by hashing the bitmap and location information, and Hong et al.'s scheme [31] generates the authentication by hashing the bitmap and quantization levels' MSBs.Lin et al.'s scheme [29] can resist the cropping attack, constant attack, and collage attack, but is weak against tampering with the bitmap of the complex blocks because it only embeds the authentication code into the quantization levels.The two schemes proposed by Hong et al. [30,31] are sensitive to AMBTC compression codes' attacks since they embed the authentication code generated to refer to the bitmap into the quantization levels.However, in some cases, the natural relationship between two quantization levels is broken for some blocks, making it only possible to verify the authenticity of the AMBTC compression codes and not that of the AMBTC-compressed image.Hence, in their schemes, it seems likely that only professional technicians will be able to implement the cropping attack, constant average attack, or collage attack.Also, Hong et al.'s scheme [31] is poor against the collage attack.In our approach, we embed the authentication code in the bitmap in a virtual manner and insert the bit-location information into the quantization levels later.This strategy maintains effective interlocking among the authentication code, the quantization levels, and the bitmap.If any slight modifications are encountered in the quantization levels or bitmap, the correlation between them will be broken.Thus, the proposed scheme can not only resist AMBTC compression codes' attacks but also detect the cropping attack, constant average attack, and collage attack.Undoubtedly, the experimental results show that our approach provides more stable and reliable tampering detection performance by simply conducting first hierarchical tampering detection and also sustains acceptable visual quality.Table 11 summarizes comparisons among the proposed scheme and the authentication methods for compressed images using other compression techniques.Herein, the smaller the detectable block size is, the precision the detecting unit is, and the larger the size of AC is, the more tampering detection accuracy it has.We can observe that the JPEG-based authentication schemes [17,18] embed the AC in the frequency domain.Although their schemes provide a better visual quality of the watermarked image, they have a weakness in their tampering detection accuracy because the size of the AC they embedded is one bit and three bits, respectively.It is also apparent that the schemes [18,19] provide a detectable block size of 8 × 8 pixels, which means that a lower precision of the detecting unit they are in.Besides, we also can find that our approach and scheme [19] work on the spatial domain.
Our approach provides a better performance in tampering detection and image quality than that of the VQ-based scheme [19].Moreover, the tamper detection performance of our proposed scheme is significantly better than the existing three schemes.Besides, we also can find that our approach and scheme [19] work on the spatial domain.Our approach provides a better performance in tampering detection and image quality than that of the VQ-based scheme [19].

Figure 1 .
Figure 1.Flowchart of the authentication code generation and embedding.

Figure 1 .
Figure 1.Flowchart of the authentication code generation and embedding.

Figure 2 .
Figure 2. Examples of preprocessing and generation of the to-be-flipped bit-location information when (a)  hl ; (b)  &0 h l l .

Figure 2 .
Figure 2. Examples of preprocessing and generation of the to-be-flipped bit-location information when (a) h l; (b) h = l & l 0.

Figure 3 .
Figure 3. Example of adjusted quantization levels matching based data hiding.

Figure 3 .
Figure 3. Example of adjusted quantization levels matching based data hiding.

Figure 5 .
Figure 5. Examples: (a) example of extracting bit-location information, (b) example of extracting authentication code.

Figure 5 .
Figure 5. Examples: (a) example of extracting bit-location information, (b) example of extracting authentication code.

1 , and denoted as CV 1 , then flip the g 2 th bit for the first cover vector, CV 2 ,
and denoted as CV
Symmetry 2019, 11, x FOR PEER REVIEW 19 of 24 (c) Attack the bitmap

Table 1 .
Comparisons of the proposed scheme and other schemes

Table 2 .
The cosets of the (7, 4) Hamming code with the parity check matrix, H.

Table 3 .
Main symbols used in this paper and their definitions.
h High quantization level for a block in I H A set of h l Low quantization level for a block in I L A set of l bm Bitmap for a block in I BM A set of bm ĥ

Table 3 .
Main symbols used in this paper and their definitions.
h High quantization level for a block in I H A set of h l Low quantization level for a block in I L A set of l bm Bitmap for a block in I BM A set of bm ĥ Preprocessed high quantization level Ĥ A set of ĥ l Preprocessed low quantization level L A set of l b m Preprocessed bitmap B M A set of b m h High quantization level for a block in WI H A set of h l Low quantization level for a block in WI L A set of l bm Bitmap for a block in WI BM A set of bm g 1 , g 2

Table 4 .
Tampering detection performance of the cropping attack.

Table 4 .
Tampering detection performance of the cropping attack.

Table 5 .
Tampering detection performance of the constant average attack.

Table 6 .
Tampering detection performance of the collage attack.

Table 6 .
Tampering detection performance of the collage attack.

Table 7 .
Tampering detection performance of the AMBTC compression codes' attack.

Table 7 .
Tampering detection performance of the AMBTC compression codes' attack.

Table 8 .
PSNRs of the reconstructed image by the different schemes with block size 4 × 4.

Table 9
[29]ares the tampering detection performance among three existing schemes and our proposed scheme.The upper bounds of the number of authentication bits in Lin et al.'s scheme[29], Hong et al.'s scheme

Table 9 .
Tampering detection performance of different schemes.

Table 10 .
Comparisons with various schemes.