The information hiding homepage

‘mosaïc’ attack

Some software used to search the Web for images marked with a digital watermarks. This was supposed to help discover both authorised and unauthorised uses of protected works. This is what Imagelock was doing: downloading pictures from the Internet, computing a digest (also called a ‘fingerprint’ by Imagelock people) of then and comparing this digest with digests registered in its database.

We showed that this could be defeated easily. Consider indeed the following two pictures. There is no difference between them except that one has been split into 6 independent pictures... the web browser simply ‘stick’ them back together at display time (resize your window if necessary). Both are watermarked with Digimarc; but the watermark is unreadable in the small parts. Same applies to Imagelock: the original image and the ‘mosaiced’ would have completely different digests... actually there are as many digests for the mosaic as sub-pictures in the mosaic! Here is an example of what is going on:

<img src="kings_chapel_wmk1.jpg" border="0" alt="1/6" width="116" height="140"/>
<img src="kings_chapel_wmk2.jpg" border="0" alt="2/6" width="116" height="140"/>
<img src="kings_chapel_wmk3.jpg" border="0" alt="3/6" width="118" height="140"/>
<img src="kings_chapel_wmk4.jpg" border="0" alt="4/6" width="116" height="140"/>
<img src="kings_chapel_wmk5.jpg" border="0" alt="5/6" width="116" height="140"/>
<img src="kings_chapel_wmk6.jpg" border="0" alt="6/6" width="118" height="140"/>

The attack works because copyright marking methods have difficulties to embed watermarks in small images (typically below 100×100 pixels). The bandwidth available for embedding is too small.

King's Chapel, Cambridge
King’s College Chapel, courtesy of John Thompson, JetPhotographic, Cambridge. In some cases downloading the mosaic is even faster than downloading the full image! In this example we used a 350x280-pixel image watermarked using Digimarc's PictureMarc 1.51.

Some of you might argue that the picture itself is pretty much flat black and that consequently there is not enough randomness to hide strong watermarks. Actually it does not matter at all and you can experiment yourself this ‘trick,’ by downloading 2Mosaic (version 0.2.2 – 30 October 1998). 2Mosaic is a small command line utility for Windows that will break apart any JPEG file and generate the HTML code needed to ‘reconstruct’ the picture. Ironically, some Web page designer also use 2Mosaic to prevent their images from being copied as this ‘irritated [them] to no end because [they] couldn’t download the pictures.’

More advanced tricks can be used to bypass such ‘crawlers.’ Java applets, ActiveX controls, etc. can be used to display the picture inside the browser. As Scott Craver, IBM Research, suggested to me, the applet could even de-scramble the picture at the request of the user.

Here is a rough example of what could be done. Many features could be added, such as de-scrambling, option for saving, etc.

The only solution for the watermark checker is to render the web page in memory, detect where the pictures are and check whether they contain a mark. It is obviously very expensive (CPU time).

One could also imagine that the web server ignores systematically the requests from the crawler or, as it is actually often the case, that the images are on a web server whose access is controlled (users need to register and pay a subscription). There was an article about this latter problem in the New-York Times.

These examples show that automatic checking does not prevent malicious users from displaying copyrighted pictures illegally on their Web page. Currently, only a manual/human check can deal with this problem.

Watermarked picture
Copyright © 1995, Fabien A. P. Petitcolas – Detail of a sculpture on the north facade of Notre Dame de Fourvière Basilica in Lyon, France. Picture watermarked using the maximum strength of Digimarc’s software, i.e. level 4 (thanks to Scott Craver).