A recoverable AMBTC authentication scheme using similarity embedding strategy

In this paper, we propose an efficient method for authenticating the absolute moment block truncation coding (AMBTC) compressed images with the capability to recover tampered blocks. The existing methods may not be able to detect some types of intentional tampering. Meanwhile, the tampered blocks are only recovered by their means, causing an unpleasant mosaic-like appearance. The proposed method classifies image blocks into groups according to their similarities, and the group information is recorded for the recovery purpose. The multiple copies of the group information are scrambled and embedded into the bitmap of smooth blocks. The dominant portions of quantization levels are adjusted to generate a set of authentication code candidates. The codes with the minimal distortion are embedded into the least significant bits (LSBs) of the quantization levels. The tampered blocks can be recovered by averaging those untampered ones with the same index. The experimental results show that the proposed method not only achieves an excellent marked image quality and detectability, but also offers a satisfactory recovered result.


Introduction
The rapid development of computing and software technologies has made people easy to enhance their photo qualities, create collages, and perform many other photo editing applications. In contrast, these modern techniques can also be used to tamper with digital images maliciously. Therefore, the development of image authentication schemes for protecting the integrity of digital images has been increasingly becoming important. In general, image authentication schemes can be classified into the signature-based [1] and fragile watermarkbased [2][3] approaches. The signature-based authentication approaches obtain the signatures from images and store the obtained signatures in a trusted third party. To authenticate the image, the signatures stored in the trusted third party are extracted to verify the integrity of the image. The fragile watermark-based approaches embed fragile watermarks into the image to construct a marked one. Since the embedded watermarks are fragile, tampering of a marked image will damage the embedded watermarks. Therefore, the presence of the tampering can be detected. Fragile watermark-based authentication approaches can be applied to the images of spatial or compressed domains. The spatial domain approaches embed authentication codes into cover images by altering pixel values directly. These approaches often use data embedding techniques [4][5][6][7][8] to achieve the goal of embedment. For example, Hsu and Tu [9] present an image authentication method by embedding authentication information into the least significant bits (LSBs) of image blocks. Their method is capable of detecting and locating tampered blocks of the spatial domain. Ullah et al. [10] propose a dual-purpose fragile watermark-based authentication method in which the located tampered area can be recovered. Hsu and Tu [11] extend the work of [9] and design an adaptive embedding rule for image tamper detection and recovery. Qin et al. [12] employ an overlapping embedding strategy to present a novel authentication method where the tampered blocks can be recovered pixel-wisely. Lo and Hu [13] propose a reversible authentication method based on residual histogram shifting. The tampered blocks can be successfully located, and the original image can be precisely reconstructed if none of the blocks are tampered. Hong et al. [14] improve the work presented in [13] and propose an efficient reversible authentication method using the pixel value ordering strategy.
In contrast, the compressed domain authentication approaches embed authentication codes into the images of compressed formats by altering the coefficients of compressed codes. Several authentication approaches of compressed domain such as Joint Photographic Experts Group (JPEG) [15], vector quantization (VQ) [16][17] and absolute moment block truncation coding (AMBTC) [18][19][20][21][22][23][24] have been proposed in the past decades. The AMBTC compresses an image block into a pair of quantization levels and a bitmap. Since the calculation of AMBTC compressed codes requires insignificant computation cost and provides acceptable image quality, it has attracted a number of researchers to investigate the AMBTC-based authentication methods. Nguyen et al. [19] design an image authentication scheme aiming at tamper detection for AMBTC compressed images. They utilize a reference table to embed authentication codes and achieve a high-quality embedded image while the capability of tamper detection is confirmed. Li et al. [20] present the other authentication method based on the AMBTC, in which the authentication codes are embedded into the quantization levels with the aid of a specially designed matrix. Chen et al. [21] recognize that the bitmap of each block is unprotected in [20], and thus propose an improved method to overcome the weakness of [20]. Hong et al. [22] propose an efficient authentication method by embedding the selected authentication codes into the quantization levels. Hong et al.'s method achieves a high marked image quality and is able to detect a variety of tampering.
While the aforementioned methods focus on authenticating the AMBTC codes, Hu et al. [25] propose an interesting authentication method which offers the capability to recover tampered blocks. Hu et al.'s method utilizes the differences of quantization levels to embed authentication codes, and uses the bitmaps of smooth blocks to carry recovery codes. Once the tampered blocks are detected, the recovery codes are extracted to recover the tampered blocks approximately. Hu et al.'s method achieves a satisfactory performance; however, the distortion introduced in their method is significant, and some of the modified quantization levels can possibly overflow or underflow. Moreover, since the embedded recovery codes are the means of blocks, apparent mosaic-like patterns can be seen in the recovered regions.
The proposed method classifies the AMBTC image blocks into groups of a similar pattern. The group information of each block, which is used to recover the tampered blocks, is scrambled and embedded into the bitmap of smooth blocks. A set of authentication codes is generated by altering the dominant portions of quantization levels, and an evaluation mechanism is employed to select the best candidate for embedment. The tampered blocks are recovered by averaging the pixel values of untampered ones of the same group. To better present the proposed method, the main symbols used in this paper and their definitions are listed in Table 1.
The rest of this paper is organized as follows. Section 2 introduces the AMBTC compression technique and Hu et al.'s method. Section 3 presents the proposed work, while Section 4 gives the experimental results. The concluding remarks are addressed in Section 5.

Related works
We briefly introduce the AMBTC compression technique in this section. Hu et al.'s method, which will be extensively compared with the proposed method, is also presented in this section.

The AMBTC compression technique
In 1984, Lema and Mitchell [26] Therefore, the AMBTC code of block O i can be written as a three-tuple (a i ,b i ,B i ). Each block is compressed using the same procedure, and the AMBTC codes The decompression of the AMBTC codes is quite straightforward. We denote by Here

Hu et al.'s method
In 2017, Hu et al. [25] proposed an AMBTC-based authentication scheme, which was able to recover the tampered image blocks approximately. In Hu et al.'s method, the higher and lower quantization levels are used to embed w-bit authentication codes, and the bitmaps of smooth blocks are used to carry the recovery information. Let T is a predefined threshold. In contrast, if d i >T, I i is a complex block. The w-bit authentication code ac w i is generated by ac w i ¼ rv i mod2 w , where rv i is a random integer generated from a pseudo-random number generator (PRNG). To embed ac w i into a i and b i , the first candidate of the higher quantization level b 0 is the w-bit parity value. The second candidate b 0 i;2 is calculated using the following rules.
Secondly, the candidate that is close to b i is selected to replace b i . The selected candidate is denoted by b s i . However, the smoothness classification of the block I i using the new difference b s i À a i could be changed. Hu et al. adopt a modification rule to recursively modify b s and d i have the same smoothness classification. Finally, the marked higher and lower quantization levels  [25], and the bitmap B i is then replaced by fb r g 8�t r¼1 . If d i >T, the bitmap B i is unmodified. To authenticate a blockĨ i ¼ ðã i ;b i ;B i Þ, the w-bit parity valuẽ is calculated, and the authentication codeãc w i ¼ ac w i is regenerated. Ifp i 6 ¼ãc w i ,Ĩ i is judged as a tampered block. Otherwise,Ĩ i is judged as an untampered one. The pixels of the tampered blockĨ i can be roughly recovered from the bitmaps of other untampered smooth blocks using the majority voting strategy. The detection and recovery procedures in detail can refer to [25].

The proposed method
Hu et al.'s method uses the quantization levels and bitmaps of smooth blocks to embed authentication codes and recovery codes, respectively. Their method successfully detects and approximately recovers the tampered blocks, and the detection mainly relies on Eq (2). However, for any integer ρ, substitutingã i � r � 2 w orb i � r � 2 w into Eq (2) also obtains the samep i . Therefore, their method fails to detect the tampering by adding or subtracting ρ×2 w to the marked quantization levels. Moreover, the tampering of marked bitmaps also cannot be detected by their method because the modification of bitmaps does not alter the extracted authentication codes. Besides, the embedment of the w-bit authentication codes ac w i into the quantization levels may cause a significant distortion for a large w. Therefore, the overflow and underflow problems can possibly occur. However, Hu et al.'s method provides no mechanisms to deal with these problems. Moreover, all pixels of a tampered block are recovered by a single mean value. As a result, the unpleasant mosaic-like effect is apparent, particularly in image edges.
We propose an improved authentication method with recovery capability for AMBTC codes to overcome the aforementioned problems. The framework of the proposed method is shown in Fig 1. The proposed method divides the quantization levels into tuneable and embeddable portions. The embeddable portions of the quantization levels are used to carry the authentication codes generated from the features of blocks using a hash function. The bitmaps of the smooth blocks are employed to embed the recovery codes. The tuneable portions of quantization levels are fine-tuned to generate a set of authentication code candidates of length w. The best candidate that minimizes the distortion is embedded into embeddable portions of the quantization levels. To generate the recovery codes, the image blocks are classified into 2 ψ groups according to their similarities. The τ copies of group information are scrambled and embedded into bitmaps of smooth blocks. By comparing the authentication codes embedded in the quantization levels and the ones generated from the hash function, the tampered blocks can be detected. The tampered blocks can be recovered by averaging the untampered blocks of the same group with the aid of recovery codes. While comparing with prior works, the proposed method can detect all kinds of tamper and obtain a higher marked image quality. Most importantly, the proposed method has the capability to recover the tampered regions, and offers a very satisfactory recovered image quality. The authentication and recovery procedures in detail will be presented in the following sections.

Generation and embedment of recovery codes
The recovery codes used in the proposed method are the ψ-bit indices generated using the kmeans clustering algorithm [28], which gathers similar input vectors into one group by specifying an index ranging from 0 through 2 ψ −1 to the group. Let fI i g N i¼1 be the image blocks decoded from the AMBTC codes fða i ; b i ; B i Þg N i¼1 . The proposed method takes fI i g N i¼1 as the input vectors and generates a set of group indices fs i g N i¼1 as the outputs according to the similar measurement, where σ i 2[0,2 ψ −1] and ψ is a user-specified constant (2 ψ �N). The group index σ i represents that block I i is clustered in the σ i -th group. Note that blocks with the same group index indicate that they are more similar than other blocks with different ones. The generated group indices fs i g N i¼1 are the recovery information to be embedded into the bitmaps of smooth blocks. The bitmap B i of the smooth block I i consists of n×n bits. The first τ×ψ bits are utilized to carry τ×ψ-bit recovery codes, and the other n×n−τ×ψ bits remain unmodified. To embed the recovery codes, the set fs i g N i¼1 is scrambled using a key to generate τ copies of scrambled indices fs 0ðkÞ i g N i¼1 for 1�k�τ. The scrambled indices fs 0ðkÞ i g N i¼1 are then converted into ψ-bit binary representations fðs 0ðkÞ To embed the indices, the AMBTC codes The embedment can be conducted by replacing the ((k −1)×ψ+1)-th bit through (k×ψ)-th of B i by ðs 0ðkÞ i Þ 2 for 1�k�τ. If b i −a i >T, B i remains unchanged. Each block is processed in the same manner, and the embedded bitmap fB i g N i¼1 can be obtained.
We use a brief example to illustrate the generation and embedment procedures of the recovery codes. Let I ¼ fI i g 9 i¼1 be a 3×3 AMBTC compressed blocks (Fig 2A), where the third and fourth blocks are complex ones. Suppose ψ = 2 and τ = 2. Therefore, the nine blocks fI i g  The same embedding procedure is applied to the rest blocks, and we finish the embedment of recovery codes. Note that I 3 and I 4 are complex blocks, so no group indices are embedded into their bitmaps.

Generation and embedment of authentication codes
Given two integers x and y, x can be expressed as the summation of two integers bx/2 y c×2 y and xmod2 y . The first integer bx/2 y c×2 y is the dominant portion of x. The second integer xmod2 y is the decimal value of y-LSBs of x. In the proposed method, the dominant portions of a i and b i are used to generate a w-bit authentication code ac w i . The generated ac w i is embedded into the LSBs of a i and b i . Because the bitmaps of smooth blocks and the LSBs of quantization levels are modified for data embedment, a slight adjustment of the dominant portions of quantization levels may lead to a smaller distortion. Therefore, the dominant portions are indeed adjustable, and the LSBs of the quantization levels are embeddable portions. However, the adjustment of dominant portions also alters the generated ac w i . Therefore, we propose a least distortion embedding (LDE) technique to find the best dominant portion such that the embedment of ac w i causes the smallest distortion. Let ða i ; b i ;B i Þ be the AMBTC tuple to be embedded with w-bit authentication code ac w i , whereB i is the bitmap derived from Section 3.1. Suppose ac w 1 i and ac w 2 i (w 1 +w 2 = w) are the authentication codes to be embedded into the LSBs of a i and b i , respectively, and ac w i ¼ ac w 1 i kac w 2 i , where || represents the bitstream concatenation operator. The ac w i is generated by hashing the small alteration of dominant portions of a i and b i , the bitmapB i , the location information i, and the image identification number I d . Since the bitmaps of smooth blocks are utilized to carry recovery bits, a smooth block should be still classified into a smooth one after embedment. We use the function f(a i ,b i ) to evaluate whether a block I i with the code ða i ; b i ;B i Þ is smooth. If |a i −b i |�T, f(a i ,b i ) returns 1, indicating that I i is a smooth block; otherwise, f(a i ,b i ) returns 0. As a result, the embedment of authentication codes can be formulated as an optimization problem below: Minimize : Subject to : where hash w (•) is a w-bit hash function, and I 0 i;j is the j-th pixel value of the i-th block I 0 i . In solving the problem, the constant c is confined within a small range, and setting c = 5 is enough to give the optimal solutions under insignificant computation cost. In some rare cases, if the optimal solutions cannot be found, we may simply perturb a i and b i by one unit iteratively and resolve the optimization problem until an optimal solution is found. We denote by ðâ i ;b i Þ the solution to the Eqs (3)- (9). Each block is processed in the same manner, and the marked AMBTC codes fðâ i ;b i ;B i Þg

Detection and recovery of the tampered blocks
To authenticate the AMBTC tuple fðã i ;b i ;B i Þg N i¼1 with the image identificationĨ d , the embedded authentication codeẽac i is extracted by concatenating the w 1 LSBs ofã i and w 2 LSBs ofb i .

The w-bit hash value of the tuple ðã
Þ is judged as an untampered one. Otherwise, ðã i ;b i ;B i Þ has been tampered. Each tuple in the AMBTC codes is authenticated in a similar manner, and the tampered tuples can be detected. The aforementioned detection procedures are referred to as the first-stage detection. The proposed method also uses the second-stage detection to further refine the detection results. Since most of the tampered regions are contiguous, a block judged as an untampered one is likely to be tampered if this block is surrounded by some tampered blocks. Therefore, after the first-stage detection, if two out of the four neighbors of an untampered block are tampered, this untampered block is re-judged as a tampered one.
After the second-stage detection, the location information of the tampered and untampered blocks is known. Since τ copies of the group information (indices) of those tampered blocks are scrambled and embedded in the bitmaps of smooth blocks, we can extract τ copies of the recovery information fs 0ðkÞ i g N i¼1 , and perform the reverse scrambling using the same key to obtain the group information fs ðkÞ i g N i¼1 for 1�k�τ. Note that some of the indices in fs ðkÞ i g N i¼1 might be damaged or missing because they are mapped from the tampered smooth blocks or complex ones. By comparing τ copies of fs ðkÞ i g t k¼1 , the correct indices fs i g N i¼1 associated with blocks fĨ i g N i¼1 can be obtained, though some of them might be still damaged or missing. We use ft i g N i¼1 to represent the detection results, where t i = 0 ifĨ i is tampered, and t i = 1 ifĨ i is untampered. The recovered blockĨ R i used to replace the corresponding tampered blockĨ T i can be obtained by averaging those untampered ones with the same group indexs i . That is, suppose there are N UT s i untampered blocks with group index valueds i , then the tampered blockĨ T i can be recovered byĨ The aforementioned recovery procedures are referred to as the first-stage recovery of the proposed method. Notice that some group indices in fs i g N i¼1 might not be available. Therefore, tampered blocks with those unavailable group indices cannot be recovered. Fortunately, these blocks are sparsely distributed in the tampered regions. For those tampered blocks, the second-stage recovery can be performed by averaging the block means of their available neighboring blocks.
We continue the example given in Section 3.1 to illustrate the recovery of tampered blocks. Suppose the fourth and fifth blocks have been detected as tampered ones (Fig 3A. Note that the third and fourth blocks are complex ones; therefore, the bitmaps of these blocks have no recovery codes embedded. By extracting the recovery codes embedded in the bitmaps of other blocks, we obtain two copies of the scrambled group indices (Fig 3B and 3C). Perform the inverse scrambling of these indices, we have the recovered group indices fs i g 9 i¼1 (Fig 3D). Because the group index ofĨ 4 iss 4 ¼ 2, and the indices of the sixth and eighth blocks are also equal to 2,Ĩ 4 can be recovered by averagingĨ 6 andĨ 8 . Similarly, because the group index ofĨ 5 iss 5 ¼ 1 and only the index of the third block is equal to 1,Ĩ 5 is then recovered byĨ 3 .

Experimental results
In this section, we conduct several experiments to evaluate the performance of the proposed method and compare the results with some related works. A total of eight grayscale images of size 512×512 are used as the test images (Fig 4). In these images, the first six images are  obtained from the USC-SIPI image database [29], while the last two images are taken from a modern digital camera. These test images are compressed using the AMBTC compression technique with a 4×4 block size. The compressed codes are then used to embed the authentication and recovery codes.
The peak signal-to-noise ratio (PSNR) metric is used to measure the quality of the marked image. A higher PSNR indicates that the image has a better visual quality. The PSNR presented in this section is obtained by comparing the marked image or recovered image with the image decoded from the original unmodified AMBTC codes.
Since the original AMBTC codes fa i ; b i ; B i g N i¼1 are modified due to the embedment of the authentication and recovery codes, the distortions can be theoretically analyzed by comparing for a given threshold T. Let Z uv i be the number of bits valued u in B i but valued v inB i after embedment. Therefore, the mean square error (MSE) can be obtained by As seen from Eq (11), a smaller T can obtain a higher quality of the marked image. However, the quality of the recovered image could be reduced due to insufficient embedment of recovery codes. It is interesting to note that for a given threshold T, the smooth images possess larger distortions because the blocks with b i −a i �T used to carry the recovery codes are more than those of complex ones. Table 2 shows the image quality comparisons of the eight test images when setting w 1 = w 2 = 2 and T = 12 for various combinations of ψ and τ. Note that the bitmap of a 4×4 block consists of 16 bits, and τ copies of ψ-bit recovery codes are chosen such that most of the bits in the bitmap of smooth blocks are embedded (τ×ψ�16). As shown in Table 2, all the marked images achieve satisfactory image quality. Note that setting τ = 2 and ψ = 6 give the highest image quality for all the test images, since the number of bits modified in the bitmap is the smallest. It is interesting to note that under the same threshold T = 12, the PSNRs of complex images such as Baboon are higher than those smooth ones (e.g., the Splash image). This is because the smooth blocks of a complex image are fewer than those of a smooth image. The proposed method uses bitmaps of smooth blocks to carry the recovery information, and thus the distortion of complex images is smaller because fewer recovery codes are carried. Table 3 shows the effect of the LDE technique on image quality by varying the length of authentication codes w. In this experiment, ψ = 7, τ = 2 and T = 12 are set. The LDE technique effectively increases the image quality for every w and every test image. It is worth noting that the increase in PSNRs is more substantial at smaller w, and the increase becomes smaller as w increases. For example, the increase in PSNR of the Sailboat image at w = 2 is 39.50−-36.87 = 2.63dB, while the increase reduces to 32.38−31.47 = 0.91dB when w = 8. The reason is that the embedment using a larger w distorts the quantization levels more, and a smooth block is likely to become a complex one or vice versa after embedment. Therefore, the constraint given in Eq (7) has to be applied to maintain the consistency of smoothness classification. As a result, the increase in PSNR is penalized as the length of the authentication codes increases. Table 4 shows the PSNR comparisons of a variety of threshold T at ψ = 7, τ = 2, and w = 4. It is not surprising that the PSNR decreases as T increases, owing to an increase of T which causes more blocks to be classified into smooth ones. Since more smooth blocks are allowed to embed more recovery codes into the bitmaps, the degradation in image quality can be observed. Nevertheless, all the marked images still have a satisfactory image quality, even when T = 20 is set.

Performance comparisons of the proposed method
To demonstrate the detectability of the proposed method, we tamper the Jet image by adding two additional jets (Fig 5A). In the experiment, the parameters T = 12, ψ = 7, τ = 2, and w = 4 are set. The first-stage detection result is shown in Fig 5B, where the tampered blocks are marked in black. Because w = 4, the theoretical probability of hash collision is 1/2 4 = 0.0625. In this experiment, 1343 blocks are tampered, and 1260 blocks are detected. Therefore, the false negative rate is approximately 1−1260/1343'0.0618, which coincides with the theoretical value. The second-stage detection is able to detect all the tampered blocks (Fig 5C).   Fig 6A-6C give the results of the first-stage recovery, where the black dots represent unrecoverable tampered blocks. Note that some blocks appointed to embed the recovery codes of tampered blocks are complex or tampered. Therefore, the recovery codes of these blocks are unavailable. As a result, the presence of unrecoverable tampered blocks is likely inevitable.
Not surprisingly, the unrecoverable blocks decrease as τ increases. Since more copies of the recovery codes are embedded into the bitmaps of smooth blocks, a tampered block has more chances to be recovered by the undamaged codes. However, more copies of recovery codes are also accompanied by a shorter length of recovery codes due to the limited bitmap size, and subsequently impede the quality of recovered portions. As shown in Fig 6D-6F where the second-stage detection results are presented, the visual quality of Fig 6D is noticeably better than those of Fig 6E and 6F. Notice that the contour effect is apparent in the recovered portion of clouds in Fig 6F; however, it is unnoticeable in Fig 6D. In fact, the PSNRs of the recovered Jet images shown in Fig 6D, 6E and 6F are 40.32, 40.08 and 39.84 dB, respectively, concurring with the visual perception. In the proposed scheme, we recommend setting τ = 2 to achieve a more satisfactory recovery result.

Comparisons with Hu et al.'s method
In this section, we compare the marked image quality, detectability, and recovered image quality of the proposed method with those of Hu et al.'s method. To make a fair comparison, we set T = 12, τ = 2, and ψ = 8 for both methods. Table 5 shows the image quality comparisons for different lengths of authentication codes.
As shown in Table 5, the image qualities of the proposed method are all higher than those of Hu et al.'s method, and the improvement in PSNR is even significant for a larger w. For example, when w = 2, the improvement in PSNR for the Sailboat image is 39.43−36.30 = 3.13 dB, whereas the improvement increases 36.64−25.45 = 11.19 dB when w = 16 is set. The rapid decrease in PSNR of Hu et al.'s method is due to the fact that the parity value p i given in Eq (1) has to satisfy p i ¼ ac w i , where ac w i is the to-be-embedded authentication code. As a result, a substantial modification to the quantization levels is inevitable. Moreover, Hu et al.'s method  provides no mechanism to solve the overflow and underflow problems. Therefore, once the embedded quantization levels are overflow or underflow, the embedded messages cannot be extracted. In contrast, the proposed method has provided a constraint (Eq (8)) to prevent these problems from occurring. In the following experiments, we compare the detectability and recoverability of both methods. The length of authentication code w = 4 is set for both methods to obtain a fair comparison between the image quality and detectability. To tamper the marked Sailboat image ( Fig  7A), we move the boat on the river to the northwest of its original location. The background of the boat is also modified to make the scenes look more natural. The tampered image is shown in Fig 7B, while tampered regions are indicated in Fig 7C. Both of Hu et al.'s and the proposed methods are able to detect the tampering of the boat (Fig 7D and 7G), and recover most of the tampered blocks (Fig 7E and 7H). However, the recovered blocks of Hu et al.'s method have apparent mosaic-like patterns, as shown in Fig 7F, which is the magnified version of the Sailboat image. This is because all pixels of a tampered block are recovered by an identical mean value. In contrast, the tampered blocks of the proposed method are recovered by averaging the similar blocks of tampered ones. As a result, a more pleasant recovery result can be achieved ( Fig 7I). In fact, the PSNRs of the images shown in Fig 7F and

Performance comparisons of some special tampering
A well-designed authentication scheme should be able to detect any kinds of tampering to a large extent. In this section, we perform special tampering to the marked Sailboat image obtained from Hu et al.'s and the proposed methods. In the experiment, the parameters T = 12, ψ = 8, τ = 2, and w = 4 are set for both methods. To tamper the marked image shown in Fig  8A, we paste a bird image in the sky and paste three boats on the river. The tampered image and tampered regions are shown in Fig 8B and 8C Fig 8E and 8F give the recovery results of the first and second stages. As shown in Fig 8F, the bird image cannot be recovered, while some incorrect recovered blocks are sparsely distributed in the tampered regions of boats. The incorrect recovery is due to the misjudgment of the tampered blocks of the bird image, and the recovery codes of the regions tampered by the boats image is partially embedded in the bitmaps of the bird image. In contrast, the proposed method not only successfully detects both of the tampered regions (Fig 8G) but also gives a satisfactory recovery result (Fig 8H and 8I). Table 6 shows the performance comparisons of the proposed and relevant works. In this table, the term "Type A tampering" indicates that the tampering is performed by flipping two bits of the bitmap, whereas "Type B tampering" represents the tampering is conducted by adding a constant 16 to the quantization levels. Note that only [22] and the proposed method are able to detect the aforementioned special tampering, while the other methods are not. The reason is that methods [19][20][21] and [23][24][25] use a PRNG to generate the authentication codes,  which are irrelevant to the contents they protect. In contrast, the authentication codes of [22] and the proposed method are generated by hashing the to-be-protected contents. Therefore, they are able to detect various types of tampering. Note that of all the compared methods, only [25] and the proposed method offer the capability to recover the tampered regions. However, the bitmaps in [25] are unprotected, and some special tampering could evade the detection using this method, as presented in this section. In contrast, the proposed method is not only able to detect various types of tampering, but also provides the recovery capability of tampered regions.

Conclusions
In this paper, we propose an efficient authentication method with the capability of recovery for the AMBTC compressed image. The blocks of the AMBTC image are classified into groups according to their similarities. Several copies of the group indices are embedded into the bitmaps of smooth blocks. The dominant portions of the quantization levels, the bitmap, and other required information are hashed to generate the authentication codes. The generated authentication codes are then embedded into the LSBs of the quantization levels. The proposed method successfully detects a variety of tampering, while the tampered blocks are recovered using similar patterns. Experimental results reveal that the proposed method not only outperforms Hu et al.'s and other related methods, but also achieves a very satisfactory marked image quality.

Author Contributions
Conceptualization: Wien Hong.