34

I am interested in watermarking a video for copyright purposes. The requirements are as follows:

  • The watermark must be barely noticeable to the naked eye.
  • The watermark must be able to be extracted from a device such as a smartphone camera.

Embedding a secret message where the raw data is available is fairly simple. It seems much harder when the data must me extracted from an external source where the details of the pixels are easily lost. Is this a hopeless effort?

Jacco
  • 7,402
  • 4
  • 32
  • 53
Zac R.
  • 451
  • 4
  • 5
  • 1
    Presumably, the video is compressed. Is it a requirement that the playback is with a standard decoder/viewing program, unaware of the watermark ? Things depend on the compression method, and on if the watermark is to be added before compression by a standard encoder; by a watermark-aware encoder; after compression by a standard encoder. Is it a requirement that decompression/recompression keeps the watermark ? – fgrieu May 04 '17 at 13:19
  • 8
    What does "barely noticable" mean to you? And what is the difference you have in mind to traditional watermarking, which every television network uses? – tylo May 04 '17 at 14:17
  • 3
    My first guess would be something like periodic fluctuating brightness, with different frequencies to distinguish different watermarks. The timing could be extracted even if it may not be visually noticeable, and it has a shot at surviving re-encoding, resizing, and even darkening/brightening/hue shifting. It wouldn't survive a deliberate attempt to remove it, though. – Ask About Monica May 04 '17 at 17:27
  • 1
    Hah, this was one of proposed topics for Master-equivalent thesis at my university. – Dragomok May 04 '17 at 17:55
  • Maybe something like the way photocopiers can see the word "VOID" that's printed on checks, invisible to the naked eye. But techniques like that would probably not survive compression. Possibly related: anti-duplication technologies, as used on currency - but I don't know how things like microprinting can be detected by cameras. – Scott - Слава Україні May 04 '17 at 22:30
  • @kbelder I should think that you'd also need to consider moiré between the refresh rate of the display device and of the video capture. – can-ned_food May 05 '17 at 08:14
  • 1
    FYI @Zac R., see also this post https://security.stackexchange.com/questions/2144/detecting-steganography-in-images – MikeRoger May 05 '17 at 13:47
  • IIRC almost anything that actually works is covered by patents owned by Digimarc. – OrangeDog May 05 '17 at 16:32
  • While this is on a screenshot and only an example of the other answers, http://www.ownedcore.com/forums/world-of-warcraft/world-of-warcraft-general/375573-looking-inside-your-screenshots.html has a report on how Blizzard adds a really subtle watermark to every screenshot you take in order to track down private servers etc. – Nzall May 05 '17 at 16:35
  • You could easily introduce variations in intensity or color that fuzzily span several pixels, producing a pattern that can be extracted at low res. Then vary the pattern using a pseudo-random mask (ie, key), so that the desired data can be embedded. – Hot Licks May 05 '17 at 20:54
  • This has been done somewhat successfully before with the audio stream (e.g. [Cinavia](https://en.wikipedia.org/wiki/Cinavia)). – Blender May 05 '17 at 23:23

5 Answers5

40

Consider that you might not want what you are asking for. That is, if the purpose of watermarking is to prove that you authored it, your cuttingroom clips and outtakes are evidence enough - you can provide them, your violators cannot.

This does suggest a possible approach for the second use of watermarking, which is to identify who leaked the video.

This approach is frame removal. If you remove a tenth of a second here and there, it will not typically be noticed by those without access to your original footage. But it will be picked up by a camera.

Say in low-action scenes you remove a block of every 5th frame for half a second, and call that a "one"; or you don't remove them, and call that a zero. Your lead-in will be a string of ones, then a zero, then the ID, read right to left.

So say you read, in the recorded film, 111010110000.... then the 1110 is the lead-in, and the id is 00001101, or 0x0D. This is the 13th copy you gave out.

Synch the audio by cutting it, speeding it up, etc as appropriate.

The more frames you remove, the bigger the effect. Initially it will only be noticeable with a comparison against your original.

Another way to do this kind of timing-hack is just to remove N frames before/after each cut, or even insert extra darkness frames during fade-cuts. But that only lets you add/remove a few frames per cut, which reduces the number of bits of data you can store.

===

@Mindwin pointed out a fatal flaw in this idea.

Any unique watermarking system is vulnerable to comparison between two copies, in which case you can detect the watermarking.

But with my proposal above, given two copies, an attacker knowing the system can change it to a third id, either by removing additional frames, or by XORing or frame-duplicating to replace frames! Not good.

I thought perhaps by adding frames as well as removing them, that this could be resolved. But I can find no solution that would be proof against a determined and well-informed attacker (if I assume the algorithm is public, and that they have at least two watermarked copies).

I consider this a fatal flaw: no watermarking system should allow an attacker to frame another user as the leaker.

Dewi Morgan
  • 1,340
  • 7
  • 14
  • 3
    But then anyone holding two distinct copies of the video could XOR in the missing frames – Mindwin May 05 '17 at 12:21
  • 1
    @Mindwin The question doesn't mention any such requirement. – JollyJoker May 05 '17 at 13:02
  • 2
    @JollyJoker Is that (question not requiring it) relevant? I upvoted this answer before I commented, but felt the need to point out that the solution proposed in this answer is far from being completely "safe". – Mindwin May 05 '17 at 13:40
  • Damnitt, @Mindwin! That's a good point, I should've caught it, and I consider it to completely break my idea. Updated my answer :( – Dewi Morgan May 05 '17 at 14:46
  • 4
    @DewiMorgan DRM is an uphill battle that might as well be lost from start. Prof. Stallman's [standing on the subject](https://www.gnu.org/philosophy/opposing-drm.html) may be on the radical side, but the man is no dunce and he has very solid points. – Mindwin May 05 '17 at 15:20
  • 2
    +1, because this seems to be good solution to the original question. If you extend this idea to encode much, much longer hashed randomized "serial numbers", it's possible to use [Traitor tracing](https://en.wikipedia.org/wiki/Traitor_tracing) algorithms that would foil an attacker who has exactly two watermarked copies and the public algorithm, which doesn't seem to be a requirement of the original question. – David Cary May 05 '17 at 16:36
35

Your use case calls for a robust watermarking scheme. It has to resists compression and uncompression of the image, has to resist modification (e.g. white balance changes, lost pixels) and also geometrical variation due to the hand-held device capture not being perfect.

Robustness usually comes at the expense of invisibility and capacity. Since there is a need for identification and the robustness requirements are really strong, you are unlikely to find a scheme that respects all your demands given the current state of the art.

As a reference: A Survey of Digital Watermarking Scheme (Google cache).

abligh
  • 2,026
  • 11
  • 12
M'vy
  • 13,033
  • 3
  • 47
  • 69
  • 26
    An important point to make: there is a great difference between making a watermark that resists modifications incurred by, e.g., compression and decompression, and making a watermark that resists willful _removal_ by somebody who knows it's there and is intent on getting rid of it with minimal visual impact on the picture. To put things plainly, if the attacker has access to a test that can tell him "yeah, mark is there" or "no, no mark here", then he can pinpoint the mark with some dichotomy process, and thus achieve clean removal. No miracle there. – Thomas Pornin May 04 '17 at 14:58
  • 1
    It's usually assume in watermarking, that the presence of the mark is known. And yes, I only discussed the use case which is by itself already requiring a lot. Attacks on the mark are a whole different thing. – M'vy May 04 '17 at 15:02
  • 2
    What about ["The Penguin Barcode"](https://www.youtube.com/watch?v=kW39Mt5kscQ)? Somewhere in the video, a few frames could have a few images with this undeniable data. And every x seconds the object with the required features could be visible somewhere. And the junction of those frames could be encoding a public key. Shouldn't this work? If parts of the video are missing, the key is incomplete, but you can compare with the original and extract the data anyway. – Ismael Miguel May 05 '17 at 04:16
  • 1
    Your link appears to be down. – Todd Sewell May 06 '17 at 12:36
  • 1
    Looks like somebody didn't pay their domain bill. I've [edited in](https://security.stackexchange.com/suggested-edits/15953) the google cache link. Archive.org does not have a copy, sadly. – Jason C May 06 '17 at 20:46
5

Not, it's not hopeless, it all depends on how much information you want to encode.

For example, differences in color tones from one quadrant of the scene to the other can indicate whether you have a 0 or a 1. But encoding one bit for each frame (or for a sequence of frames) might be too low for you.

woliveirajr
  • 4,462
  • 2
  • 17
  • 26
  • 5
    If you're watermarking it you don't need very many bits. Just enough to verify that it's a valid watermark and probably an ID for it. The ID can be a 32 bit number unless you are making trillions of copies. Then you'd want to add error correction of course, but the whole thing should be only a couple hundred bits in the absolute worst case and at 24 FPS that means you need about a minute of video. I'd also repeat it throughout the video so you can catch it at any point. The choice of error correction will be very important, might be worth looking at QR codes – mirhagk May 04 '17 at 20:20
2

Another answer that's vulnerable to removal if people know it's there: ultrasound.

Informative links: https://science.slashdot.org/story/17/01/05/2159219/ultrasound-tracking-could-be-used-to-deanonymize-tor-users

http://rnd.azoft.com/mobile-app-transering-data-using-ultrasound/

Bonuses:

  • Most smartphones phones can record and recognize this given the right software.
  • You don't need to point a camera at the screen in an obvious way: you can just record audio with a phone in your pocket.

Weaknesses:

  • Speakers with low fidelity at high frequencies will filter out the ultrasound.
  • It's trivial to filter out.
  • It's vulnerable to lossy audio compression.
  • It requires an audio track, which not all videos have.

Given the weaknesses, I feel that this might work well as a backup method to support other methods suggested here, but doesn't fully target the question as asked.

Given the parameters of the question, though (that the only evidence that might be obtainable is a phone-cam recording), it seems like this might be useful in protecting the evidence-gatherers from exposure. If the phone vibrates saying "yup, violation", then they need to do no further investigation.

Dewi Morgan
  • 1,340
  • 7
  • 14
  • 3
    Also MP3 will filter out any and all ultrasound, replacing it with an ultrasound static hiss. Some of the most popular video formats use MP3 as the audio codec. – wizzwizz4 May 06 '17 at 07:18
  • @wizzwizz4 Yup, that's what I meant by lossy audio compression. – Dewi Morgan May 06 '17 at 21:02
  • First requirement in the question is for the watermark to be noticeable ... – schroeder May 07 '17 at 07:46
  • @schroeder No, it says it must be barely noticeable. – Hankrecords May 08 '17 at 09:23
  • @Hankrecords hence, noticeable - watermarks are *meant* to be noticed in order to deter copying – schroeder May 08 '17 at 09:32
  • 1
    @shroeder To me, your interpretation seems a valid one, addressed in rcorty's answer. To me, human-detectible watermarks are trivial: overlay a semi-transparent image on each frame. So I interpret "barely noticeable" as meaning "minimize noticeable effect on video quality". Steganographic watermarking (https://en.wikipedia.org/wiki/Digital_watermarking ) is detectible, just not by humans. – Dewi Morgan May 08 '17 at 17:26
  • 1
    @schroeder *Barely* noticeable, not noticeable. And the OP talks about "secret message" in the question, so I'm pretty sure he want the watermark to be as invisible as possible to the naked eye. – Hankrecords May 09 '17 at 07:04
1

This answer is tailored towards watermarking an image. It's relevant to your question about video because a video can be thought of as a series of images.

Compute the Fourier transform of the image. Write something in Fourier space. Just put plain text or a regular ole bar code right in the image. Transform it back to regular space. Viola! You can share the image and it will look normal. If you see something similar floating about, Fourier transform it and see if your text is there.

This works fine no matter the resolution of the image. I suspect the watermark would be ruined if someone lossy-compressed the image.

rcorty
  • 111
  • 1