d.wvl.7 first summary report on forensic tracking · after this, general requirements are reviewed...

IST-2002-507932

ECRYPT

European Network of Excellence in Cryptology

Network of Excellence

Information Society Technologies

D.WVL.7

First Summary Report on Forensic Tracking

Due date of deliverable: 31. January 2005Actual submission date: 25. February 2005

Start date of project: 1 February 2004 Duration: 4 years

Lead contractor: Fraunhofer Gesellschaft e.V. (FHG)

Revision 1.0

Project co-funded by the European Commission within the 6th Framework Programme

Dissemination Level

PU Public X

PP Restricted to other programme participants (including the Commission services)

RE Restricted to a group specified by the consortium (including the Commission services)

CO Confidential, only for members of the consortium (including the Commission services)

Abstract

In this document, the activities within workpackages 6 are reported. The relation of work-package 6 to the different virtual labs within ECRYPT and the other workpackages in theWAVILAB is described. An introduction motivates forensic tracking applications. The usageof watermarking and fingerprinting technologies for forensic tracking applications is explained.A detailed information about relevant application scenarios and practical realizations follows.Typical application scenarios are explained. After this, general requirements are reviewedand practically relevant evaluation criteria are discussed. This is followed by related issuesincluding legal aspects. A report on the activities within workpackage 6 finalizes this docu-ment.

First Summary Report on Forensic Tracking

EditorMartin Schmucker (FHG)

ContributorsMichael Arnold (FHG),

Jana Dittmann (GAUSS),Wolfgang Funk (FHG),

Roland Norcen (GAUSS),Wolfgang Spinnler (FHG),Martin Steinebach (FHG),

Sviatoslav Voloshynovski (UNIGE)

25. February 2005Revision 1.0

The work described in this report has in part been supported by the Commission of the European Com-munities through the IST program under contract IST-2002-507932. The information in this document isprovided as is, and no warranty is given or implied that the information is fit for any particular purpose. Theuser thereof uses the information at its sole risk and liability.

Contents

1 Introduction 1

1.1 The Purpose of Forensic Tracking . . . . . . . . . . . . . . . . . . . . . . . . . 1

1.2 Forensic Tracking Based on Watermarks . . . . . . . . . . . . . . . . . . . . . 2

1.3 Forensic Tracking Based on Perceptual Hashes . . . . . . . . . . . . . . . . . 4

1.4 Outlook . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6

2 Application Scenarios and Practical Realizations 7

2.1 General Application Scenarios . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

2.1.1 Efficient and Robust Monitoring . . . . . . . . . . . . . . . . . . . . . 9

2.2 Practical Realizations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10

2.2.1 Content Identification . . . . . . . . . . . . . . . . . . . . . . . . . . . 10

2.2.2 Automated Search and Music Distribution . . . . . . . . . . . . . . . . 10

2.2.3 Computer Aided Collecting . . . . . . . . . . . . . . . . . . . . . . . . 10

2.2.4 Broadcast Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

2.2.5 Broadcast Coverage Measurement . . . . . . . . . . . . . . . . . . . . 11

2.2.6 Copy Protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

2.2.7 Securing of pre-mastered items . . . . . . . . . . . . . . . . . . . . . . 11

2.2.8 Securing of on-line content distribution services . . . . . . . . . . . . . 12

2.2.9 Watermarking Applications for Physical Goods . . . . . . . . . . . . . 12

3 Requirements 14

3.1 General Requirements on Watermarking . . . . . . . . . . . . . . . . . . . . . 14

3.1.1 (Im-)Perceptibility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14

3.1.2 Robustness . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14

3.1.3 Attacks to the security . . . . . . . . . . . . . . . . . . . . . . . . . . . 14

i

ii ECRYPT — European NoE in Cryptology

3.1.4 Capacitity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

3.1.5 Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

3.1.6 Performance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16

3.1.7 Requirements Derived from the Application Scenarios . . . . . . . . . 16

3.1.8 EBU Video Broadcasting Evaluation . . . . . . . . . . . . . . . . . . . 17

3.1.9 EBU Audio Broadcasting Evaluation . . . . . . . . . . . . . . . . . . . 17

3.2 Requirements on perceptual hashing . . . . . . . . . . . . . . . . . . . . . . . 18

3.2.1 Discrimination . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

3.2.2 Size . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

3.2.3 Performance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

3.2.4 Robustness . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

3.2.5 Searching . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

3.2.6 Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

4 Related Issues 21

4.1 Collusion Resistance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

4.2 Anonymous and Zero-Knowledge Watermarking Protocols . . . . . . . . . . . 21

4.3 Legal status of digital watermarking . . . . . . . . . . . . . . . . . . . . . . . 22

4.3.1 Belgium . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

4.3.2 Germany . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

4.3.3 Switzerland . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

5 Research Activities on Forensic Tracking and Related Activities withinECRYPT 25

5.1 Research Activities performed by GAUSS . . . . . . . . . . . . . . . . . . . . 25

5.1.1 Media Forensics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25

5.1.2 Content dependency of watermarks and capacity constraints for anno-tation watermarks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25

5.1.3 Capacity constraints . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26

5.1.4 Robust fingerprints for digital images . . . . . . . . . . . . . . . . . . 26

5.2 Research Activities performed by FHG . . . . . . . . . . . . . . . . . . . . . . 26

5.2.1 Perceptual image hashes . . . . . . . . . . . . . . . . . . . . . . . . . . 26

5.2.2 Database structures and similarity measures . . . . . . . . . . . . . . . 27

5.3 Research Activities performed by UNIGE . . . . . . . . . . . . . . . . . . . . 27

D.WVL.7 — First Summary Report on Forensic Tracking iii

5.3.1 Error resilient visual scrambling . . . . . . . . . . . . . . . . . . . . . 27

6 Summary 30

A Video Watermarking - EBU tests requirements 31

B Audio Watermarking - EBU tests requirements 34

C Glossary 37

C.1 About Digital Hashes, Digital Fingerprints, Perceptual (Digital) Hashes, andPerceptual (Digital) Fingerprints . . . . . . . . . . . . . . . . . . . . . . . . . 37

List of Tables

5.1 Input image (a), scrambled image with 3 lost packets (b), descrambled imageafter 3 lost packets (c), scrambled image with 12 lost packets (d), descrambledafter 12 lost packets (e). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29

5.2 Scrambled and compressed images with quality compression factors 30% (a),70% (c), 90% (e); descrambled images after scrambling and compression withfactors 30% (b), 70% (d), 90% (f). . . . . . . . . . . . . . . . . . . . . . . . . 29

A.1 EBU Video Watermarking Test Requirements . . . . . . . . . . . . . . . . . . 33

B.1 EBU Audio Watermarking Test Requirements . . . . . . . . . . . . . . . . . . 36

iv

List of Figures

1.1 The general principle of a watermarking system (see [7]): A watermark em-bedder maps the input message M to a watermark message. This mappingis based on the watermark embedding key. The watermark message is addedto the cover work X resulting in a signal Y containing the watermark. Thewatermark detector receives a signal Y ′, which is potentially distorted. Basedon the watermark detection key the watermark decoder maps the watermarksignal back to the received message M ′. . . . . . . . . . . . . . . . . . . . . . 3

1.2 The general identification based on fingerprints involves two functional blocks[5]: First, the perceptual hash value (fingerprint) is calculated. Second, adatabase look-up retrieves one or more stored values. A following hypothe-sis testing verifies if a content has been identified correctly. The results arereturned. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

2.1 Identification application areas can be grouped in usage monitoring, usagecontrol, and meta-data labelling. . . . . . . . . . . . . . . . . . . . . . . . . . 8

2.2 The default transaction watermarking application is shown in this figure: If acustomer downloads a digital content (in this case an image) a customer specificinformation is embedded. In this scenario the customer specific information isgathered from a Customer Relationship Management (CRM) system. . . . . . 12

2.3 For the retrieval process different information is required depending on theembedding algorithm used. Non-blind watermarking algorithms require theoriginal for the detection. The detected/retrieved information is comparedwith customer specific information stored in the CRM. . . . . . . . . . . . . . 13

5.1 Secure delivery of a digital image. . . . . . . . . . . . . . . . . . . . . . . . . . 27

v

vi ECRYPT — European NoE in Cryptology

Chapter 1

Introduction

1.1 The Purpose of Forensic Tracking

Nowadays, due to numerous advantages, nearly all information is stored and transmitted indigital format. Especially in areas like content production, distribution, and consumption thedigital representation provides additional possibilities and new ways of experiencing content.Yet, due to the possibility of lossless copying and fast distribution, digital content can beeasily misused: Digital content can be easily replicated or copied without major obstacles.Also, content distribution can be achieved at negligible costs.

As a direct result, illegal digital information distribution is omnipresent. Independentof the content type, illegal copies are distributed and sold worldwide. The content industrysuffers losses due to illegal copying.

• According to the IFPI piracy report 2004 ”illegal music sales valued at US$4.5 billionin 2003. A record 35% of all music discs sold worldwide are illegal copies. Traffic infake CDs grows more slowly, with stepped up enforcement actions.” [12, 10]. Similarly,Internet piracy is a major problem for the recording industry: ”Internet file-sharinginvolves 800 million unauthorised music files at any one time Web and FTP sites offeranother 100 million unauthorised music files. A large majority of unauthorised files(74%) are being made available by a small minority of peer-to-peer users (16%, accordingto US research consultancy Net PD Sept 2003)” [11].

• The movie industry estimates ”that the U.S. motion picture industry loses in excess of$3 billion annually in potential worldwide revenue due to piracy. Due to the difficulty incalculating Internet piracy losses, these figures are NOT currently included in the overallloss estimates. However, it is safe to assume Internet losses cause untold additionaldamages to the industry.” [35].

As this development is independent of the content itself but only caused by the digitalrepresentation also the software industry faces the same difficulties. ”Studies show that about30 percent of all software in the United States is used in violation of licensing standards. In

1

2 ECRYPT — European NoE in Cryptology

Asia, illegal software is used on more than 90 percent of desktop computers.” [34].

Obviously, the victims of illegal distribution and usage of digital information are lookingdesperately for technical and legal remedies. Potential technical and legal solutions haveto go hand in hand. The legislative has to build a framework, which constitutes legal andillegal actions. Due to the huge amount of digitally exchanged information, manual controlcan comprise only a very small part of the potentially available distribution channels. Thus,technological support is necessary.

On the one hand, this support has to prevent illegal copying and distribution. Thesemechanisms are therefore called active protection technologies: They actively impede copyingby restricting access to information. Among those methods is cryptography. It denies accessto information if the accessing person does not have adequate privilege or knowledge (keys).Within ECRYPT the virtual labs on symmetric techniques (STVL), asymmetric techniques(AZTEC), protocols (PROVILAB), and secure and efficient implementations (VAMPIRE)devote their activities on active protection.

On the other hand, passive protection technologies allow the identification of illegalcopying and misuse of digital information. Watermarking and perceptual hashing are passiveprotection techniques. WAVILAB focuses on them. Due to their support of the judiciarycertain requirements can be identified. These required properties of forensic trackingtechniques can be summarized as security and reliability.

Forensic tracking can be based on watermarks. The theoretic concept of security forwatermarking methods is considered in the deliverable D.WVL.1 ”First Summary Reporton Fundamentals” [25]. The deliverable D.WVL.3 ”First Summary Report on PracticalSystems” investigates the security of practical data-hiding systems and protocols [26]. Inaddition to watermarking, forensic tracking of digital content can be achieved by deployingfingerprinting techniques. In the following we shortly introduce both technologies and theirdifferences.

1.2 Forensic Tracking Based on Watermarks

Watermarking systems actively embed a message in a carrier by manipulating the digitalcarrier. The general principle, e.g. as explained in [7], is shown in Figure 1:

• The watermark embedder transforms or maps the input message M to the watermarkingsignal. According to Kerckhoff’s Law [18] the transformation (or mapping) should beknown publicly. Instead, an embedding key ensures the secrecy. This watermarkingsignal is added to the original cover work X resulting in a modified watermarked signalY.

• The watermarked signal Y is potentially affected by noise. This noise can also be caused

D.WVL.7 — First Summary Report on Forensic Tracking 3

by intentional attacks. Thus, the watermark detector receives a potentially distortedsignal Y’.

• The watermark detector uses a detection key to extract the embedded message M’ fromthe received signal Y’. Due to manipulations there might be some errors in the extractedsignal M’.

Watermark embedder

Watermark encoder

Watermark detector

Watermark decoder + + Input message

M

Watermark embedding key

Original cover work X

Noise

Watermark detection key

Y Y’ M’

Figure 1.1: The general principle of a watermarking system (see [7]): A watermark embeddermaps the input message M to a watermark message. This mapping is based on the watermarkembedding key. The watermark message is added to the cover work X resulting in a signal Ycontaining the watermark. The watermark detector receives a signal Y ′, which is potentiallydistorted. Based on the watermark detection key the watermark decoder maps the watermarksignal back to the received message M ′.

Two potential attacks can be identified: attacks on the robustness of the watermarks andattacks on the security of the system. Although during writing this report there is still anongoing discussion about this terminology, within this report we use the definition given in[25]:

• ”Attacks to robustness are those whose target is to increase the probability of error ofthe data-hiding channel.”

• ”Attacks to security are those aimed at gaining knowledge about the secrets of thesystem.” (e.g. the embedding and/or detection keys).

Attacks to robustness and security underlie different attacking strategies. Thus, they havedifferent effects and threats for applications:

• Attacks to robustness allow attackers to interfere with the embedded watermarkingsignal. This means that the communication channel, which is created in the originaldata through the watermarking system, is interfered. E.g. processing operations on asignal containing a watermark will disturb the watermark detector. As a result, thefalse negative rate is increased. Embedded messages cannot be read reliably.


• Attacks to security aim at revealing information of watermarking process chain. This isdifferent as this knowledge of the watermarking process chain can be used for a differentclass of attacks. E.g. if attackers are able to gain information about the embeddingthey might also be able to forge a watermark.

Obviously, both attack classes are relevant for forensic tracking application scenarios.

1.3 Forensic Tracking Based on Perceptual Hashes

In contrast to watermarks perceptual hashing or fingerprinting techniques do not embed amessage into a digital content. Instead, they calculate an identifier. This identifier ideallyuniquely identifies the input data. Thus, their properties can be compared with cryptographichash functions. According to Wikipedia [39] general prerequisites are:

• Preimage resistant: given the hash h it should be hard to find the message m suchthat h = hash(m).

• Second preimage resistant: given an input m1, it should be hard to find anotherinput, m2 (not equal to m1) such that hash(m1) = hash(m2).

• Collision-resistant: it should be hard to find two different messages m1 and m2 suchthat hash(m1) = hash(m2).

In [23] another property is given:

• Random oracle property: the hash function h behaves as a randomly chosen func-tion.

A perceptual hash function has to fulfill a different requirement which contradicts theprerequisites of the ”second preimage resistant” and the ”collision-resistant”:

• Perceptual similarity: If two given inputs m1 and m2 are perceptually equal (similar)their corresponding hash values should be equal: hash(m1) = hash(m2) (rsp. similar:hash(m1) ≈ hash(m2)).

Perceptual similarity requires fingerprinting methods to be individually developed fordifferent content types (like watermarking technologies). A general scheme, as given in [5], isshown in Figure 2 and involves the following operations:

• Feature extraction and processing: Typically, the input signal is pre-processed,which depends on the data type. For audio typical pre-processing operations are down-sampling, format conversion, and band-pass filtering. Similarly, pre-processing opera-tions for image data includes resizing or color conversion. In the case of audio or videothe input data are segmented and so-called ”sub-fingerprints” are calculated. Featuresare generally extracted from a transformation domain where redundancy is decreased(similar to compression). Within this transformation domain relevant features are ex-tracted. In a post-processing specific relative measures can be derived.


• Fingerprint modeling: The multi-dimensional input vector sequence is mapped to asingle vector to produce compact fingerprints. This can also include a binarisation.

• Database lookup: The first step in matching the calculated perceptual hash value(s) isto identify similar content. This is done by a database lookup. Obviously this databaselookup includes a search in pre-calculated perceptual hash value(s). Different searchstrategies can be applied and must consider the chosen fingerprint model. Similarity iscalculated by a suitable distance function.

• Hypothesis testing: Finally, the identified content item(s) are validated using a hy-pothesis test. A hypothesis testing involves a threshold. This threshold has to be chosencarefully. Different previously outlined issues influence this threshold.

These steps can be grouped in two functional blocks:

• Fingerprint calculation: Here, a secret key can be used for the calculation of the fin-gerprints. As this allows the calculation of key dependent fingerprints/perceptual hashvalues it increases the security of the fingerprinting calculation. (Relevant applicationsinclude content authentication scenarios as described in D.WVL.6 [24].)

• Fingerprint matching: The previously decribed database and the following hypothe-sis testing are necessary for matching the calculated perceptual hash values with alreadystored ones. This potentially influences the following matching process, as perceptualdistance metrics will not apply.

Fingerprinting calculation Fingerprinting matching

Fingerprint modelling

Database lookup Original content Identification

Distance

Search

Hypothesis testing

Perceptual hash value(s)

secret key

Feature extraction and

processing

Figure 1.2: The general identification based on fingerprints involves two functional blocks[5]: First, the perceptual hash value (fingerprint) is calculated. Second, a database look-upretrieves one or more stored values. A following hypothesis testing verifies if a content hasbeen identified correctly. The results are returned.

Similar to watermarking we can identify two different classes of attacks:

• Attacks that influence the feature extraction, processing, and modelling operations.These attacks can be considered as attacks to the robustness of the fingerprinting.Like for watermarking robustness attacks, here an potential attacker is interested in


identifying transformations that minimize the perceptual distortion while maximisingthe effects on the calculated perceptual hash values.

• Attacks can also try to gain knowledge about the secret key of the fingerprinting calcu-lation. These attacks can be considered as attacks to the security.

1.4 Outlook

Forensic tracking is an important application area for watermarking as well as perceptualhashing. While watermarking actively embeds a mark within multi-media content, perceptualhashing calculates a content identifier from the content’s characteristics. Yet, these technolo-gies are not mutual exclusive. Interesting applications are possible due to their combination:For example, perceptual hashing can be used to identify the content itself, while transactionwatermarks allow the identification of the leak responsible for content distribution. Similarly,the application of non-blind methods can be improved.

Not only watermarking but also fingerprinting are applicable for authentication and iden-tification of content: ”Authentication establishes the credibility of an audio-visual signal, thatis, whether the signal is what is claims to be or not. Identification associates an audio-visualsignal with descriptive information” [1]. This working group only considers identification witha focus on forensic tracking. Authentication is addressed in [26].

Within the next chapters we introduce different application scenarios. Based on thesescenarios we explain watermarking in forensic tracking applications followed by fingerprintingin forensic tracking applications. Afterwards, the work within the WVL6 is described. Asummary closes this report. A glossary discusses relevant terminological issues and roundsthis report off.

Chapter 2

Application Scenarios and PracticalRealizations

2.1 General Application Scenarios

Although watermarking and perceptual hashing are orthogonal technologies and can be com-bined their individual properties impose some restrictions on potential applications. Water-marking technologies embed an mark in content. Thus reading this watermark is only possibleif it was embedded before. This is crucial for identification of content. Already distributedcontent cannot be identified if a watermark was not embedded. Perceptual hashing or fin-gerprinting systems extract characteristic features and derive an identifier from the content’sfeatures. This allows the identification of already distributed content if the features are storedand link to the corresponding content. On the contrary perceptual hashing technologies areonly able to identify the content itself. Information for telling different instances of the samecontent apart, e.g. information about the person distributing content illegally, cannot beextracted by perceptual hashing technologies. Also, perceptual hashing technologies requirea connection to a database, in which the features and the links to the corresponding contentinformation are stored.

As shown in figure 2.1, the application areas related to identification scenarios are

• usage and distribution monitoring, which collects information but doesn’t impede usageor distribution. Typical applications are

– identification of un-authorized re-use of content,

– broadcast monitoring for generation of audio playlists or advertisements monitor-ing, and

– specific usage monitoring, like monitoring the user’s prefered content.

• usage and distribution control, which actively interferes content usage or distribution:

– Active filtering, e.g. active nodes within organisations’ networks, are potentiallypossible.

7


identification applications

usage monitoring

usage control

meta data labelling

non-authorised re-use

usage monitoring for playlists, audience research, or advertisements

active filtering

user awareness

user information

Figure 2.1: Identification application areas can be grouped in usage monitoring, usage control,and meta-data labelling.

– Sharpening user awareness is a ”soft” intervention, as certain operation are notprevent but the user is informed about the certain ”properties” of the intended orongoing operation.

• meta data labeling, which connects content with additional information.

These different application areas are not limited to digital content. Watermarks to physicalobjects are applied in different areas including:

• bank notes,

• identity cards,

• driving licenses,

• invoices,

• smart toys,

• product security, and

• package security.

Yet, connections between the physical and the digital world are not limited to water-marking. Also, physical one-way functions have been investigated [27]. With this reportwe focus on digital watermarkings and digital perceptual hash functions of digital objects.Nevertheless, relevant requirements or properties can be transfered to physical objects.


Forensic tracking applications typically fall in the category ”usage and distribution mon-itoring”, which includes two aspects:

• detection of un-authorised usage or distribution (monitoring)

• proof of un-authorised usage or distribution

Obviously, watermarking and perceptual hashing provide the technology to automate thedetection of un-authorised usage or distribution. For example, transmission channels are mon-itored automatically. Similarly, websites are visited by webcrawler, which extract watermarkinformation from their stored content. However, jurisprudence based on watermarking is notknown in Europe. The current legal sitatution within Europe is described in section 4.3.

2.1.1 Efficient and Robust Monitoring

Monitoring of broadcast transmissions is used to control the broadcaster whether he behavesaccording contractual arrangements and to calculate an accurate financial balancing. In prin-ciple this can be done by play-lists of music items which have to be passed by the broadcasterto collecting companies (i.e. like GEMA) to calculate and collect the royalties for the artistsand music publishing companies. Although this could be done by the broadcaster’s play listtool itself, an additional independent controlling and collecting offers chances for a bettercontrol and in fact is used for this purpose. Furthermore these accounting calculations werevery rough in the past so that now a much more exact accounting is possible which will allowa more accurate and fair financial balancing for the artist and other players involved. Afurther application of monitoring can be seen in controlling of broadcasting of commercials.Emission has to be done and is paid for in certain, contractually defined periods in time inthe course of the day and in certain numbers to meet a certain target group of audience. Allthese modalities are agreed on by contract and the due execution hereof can be controlled bymonitoring very accurate and easily.

Monitoring of broadcast transmissions can be done by watermarking or by perceptualhashing methods. With watermarking a certain payload has to be embedded into the broad-casted digital item which can be analysed and recovered by detector receivers and loggedand compared to a planned broadcasting play list. Technically needed is embedding of acertain payload (at best done by a real-time embedder), detection of it and generating of adetection protocol. Perceptual hashing is also capable to achieve such a monitoring service.With perceptual hashing the broadcasted item needs not to be modified. But before using thesystem, a huge data base, which contains the fingerprints of each item that shall be detected,has to be generated. Such a fingerprint can be seen as very strongly compressed and uniquerepresentation of the item. For detection of a certain item it’s fingerprint is generated andmatched to the fingerprints archived in the database in real time. Each detection generatesan automatic protocol note in a log file. The quality of a fingerprint lies in it’s small size, it’suniqueness for each item and it’s robustness against modifications caused by the broadcastchannel. An important feature is a distance measure showing the similarity of two items andtheir fingerprints according to the human perceptual model.


2.2 Practical Realizations

Among the typical applications of watermarking systems are copy protection, identificationof information leaks, monitoring, and logging. Dependent on the application different kinds(and sometime multiple) information is embedded in the watermark:

• identification of the owner

• identification of the content

• identification of the receiver

Watermarking and perceptual hashing systems were already demonstrated and are usedin the field. Parameters used for perceptual hashing of audio signals have been standardisedin MPEG-7 [3, 13]. Further work is under way for fast hierarchical search of huge fingerprintdata bases, scalable fingerprints and even better audio parameters for robust detection similarto and modelling human perception.

Perceptual hashing is capable for monitoring and logging purposes. Thus, it can be usedas an identification service for unknown content. Yet, perceptual hashing cannot be used forthe identification of the owner or the receive if there is a 1 : m mapping between the contentand the owner respective the receiver. Only watermarking technologies can be used in thiscase as multiple unique identifiers can be embedded.

2.2.1 Content Identification

Fingerprinting is suitable for content identification. Several commercial services build onthis functionality. There are music identification services realized by mobile phone networkproviders using audio perceptual hashing. One can call a certain service number and recordan unknown piece of music with the mobile phone in real-time. A fingerprint is extracted andis used for a search in a music fingerprint database. The piece of music is identified and theservice sends back a SMS to the mobile phone containing the title and artist of the unknownpiece of music. Such kind of services were demonstrated with a high reliability (99,5 % correctidentification) and are available on the market.

2.2.2 Automated Search and Music Distribution

This system could be extended for impulsive driven ordering and buying of music tracksfrom everywhere around the globe combined with a delivery service or even better on-linedistribution.

2.2.3 Computer Aided Collecting

Instead of ordering identified items an automated book keeping can be realised allowingvery accurate and fair financial balancing of copyrights for the collecting companies. Thiscan even be done by an independent third party company for control purposes. By linked


contact information negotiation of copyrights including micro payment could even be doneon a bilateral base with the rights owner via internet.

2.2.4 Broadcast Monitoring

Due to some irregularities in the calculation of the air time of commercials on radio andon television customers of radio and television stations were interested in means to measurethe real air time of their commercials. This task can be done by watermarking as well asperceptual hashing technologies. The main purpose is the automatic control of the broadcaststations’ play lists.

2.2.5 Broadcast Coverage Measurement

In addition to the verification of play lists, the identification of the coverage area of the stationis another important application. This is a typical example where watermarking technologiesare required: The station identification is done by its special payload tag.

2.2.6 Copy Protection

Copy protection by watermarking can be done by identifying a specific copy of an item byan inserted payload tag and limiting it’s use in certain ways, e.g. allow only certain usersor limit geographic area for use. The enforcing of the restriction is a matter of the businessmodel. Yet, due to limited bandwidth in watermarking it is recommendable to add controlinformation into a secured digital header and to use watermarking only as a second line ofdefence in case the digital header is destroyed by an attack. However, if one wants to upgradean existing format (e.g. exiting MP3 players) in an compatible way perhaps watermarkingprovides the only possibility for this: Watermarks are transparent even in the analogue world,just like a bit of additional noise. While perceptual hashing can only identify one piece ofmusic, watermarking can resolve at a finer scale. It can distinguish several versions witha certain transaction history of the same piece of music by additional information in thewatermark payload. Also, transaction watermarks can be inserted. Here an identification ofthe item (e.g. the title of the song) together with an identification of the transaction (e.g.sold to a certain person by person identity number) is possible.

2.2.7 Securing of pre-mastered items

Another realized watermark application is securing pre-mastered versions of items to trackand avoid leakage of media items before they are officially published. This was reportedfrom the US Oscar contest, where illegal movie copies from the evaluators leaked out tothe public before the official announced publication date. Now these pre-mastered items arewatermarked with the evaluator’s identity (by a transaction watermark). Similar systemsare realized and used by publishing companies for pre-mastered audio tracks sent to radiomoderators for promotion.


2.2.8 Securing of on-line content distribution services

Also content distributed via the internet are watermarked as shown in figure 2.2. But it is notyet clear to what extent the detection of those watermarks is utilized for legal activities. Somepublishing companies watermark their own content, but it is also not clear to what extentillegal copying is tracked and what countermeasures are taken if an illegal use is detected.This is a strategy of the content and rights owner and perhaps it is currently just to monitorthe amount of illegal use. Some watermarks of clients were already found in the internet.

Creator

Customer

PDM

Original

Embed WM

CRM

Info

Figure 2.2: The default transaction watermarking application is shown in this figure: If acustomer downloads a digital content (in this case an image) a customer specific informationis embedded. In this scenario the customer specific information is gathered from a CustomerRelationship Management (CRM) system.

To identify non-authorized content usage and distribution on the Internet Web crawlersare needed. Due to the amount of data to be evaluated the watermark detection has to bevery efficient for this application scenario in contrast to the manual scenario where a scannerused needed to detect un-authorised content usage in print media as shown in 2.3.

2.2.9 Watermarking Applications for Physical Goods

A watermarking scenarios for applying digital watermarks to toys is described in [32]. Theapplication here is not identification but to increase the customary play value by connectingthe physical toy to the digital world in the computer. Althought this is not a forensic trackingapplication an extension of the scenario with the aim of tracking physical goods is not toofar away: In [28] a fragile watermarking technique is applied to packages. The aim is to


PDM

Look up

Original WM

Detector

CRM

Digitized Copy

Copy

ID Set

NO YES Look up

Figure 2.3: For the retrieval process different information is required depending on the em-bedding algorithm used. Non-blind watermarking algorithms require the original for the de-tection. The detected/retrieved information is compared with customer specific informationstored in the CRM.

distinguish unauthorized reproductions from original products.

Chapter 3

Requirements

3.1 General Requirements on Watermarking

The general requirements are also valid for forensic tracking. However, forensic tracking isa restricted application scenario. This allows an exacter requirement specification. In thissection, the general requirements are revised and evaluation criteria used for the benchmarkingof audio and video watermarking techniques for broadcast monitoring are given.

3.1.1 (Im-)Perceptibility

In general, a watermark should be imperceptible. The perceived quality of watermarkedcontent should not be influenced. To judge perceptual distortions, different subjective andobjective test methods have been defined for different content types [16, 15, 17, 14, 33, 9].

3.1.2 Robustness

A watermark should still detectable after intentional and non-intentional attacks. Non-intentional attacks typically arise due to the specific operations in the production and dis-tribution chain like compression. Ideally an attack, wichi successfully removed an embeddedwatermark, seriously affects the quality of the content. Robustness includes the detection rateas well as the false positive/alarm rate. As defined in [25] an attack to robustness is an attackinfluencing the embedded watermark. But no information about the embedding algorithm orcorresponding parameters should be gained. These kinds of attacks influence the detectionof a watermark. Thus, forensic tracking of content is limited by these kinds of attacks.

3.1.3 Attacks to the security

Attacks to the securtiy result in more severe consequences for forensic tracking. As they aimto acquire information about the algorithm or parameters, an attacker is potentially able toactively influence the forensic tracking. In this context the estimation based attacks are rel-evant, as described in [37]. If watermarking schemes are vulnerable against estimation based

14


attacks, an attacker can simply influence a tracking process by removing an embedded water-mark. As an alternative an attacker has the potential to estimate an embedded watermarkand to “copy” it to a destination of choice. Thus, the attack allows to influence the detectionprocess almost arbitrarily:

• An attacker can remove the embedded watermark.

• An attacker can embed a previously “acquired”’ watermark. A possible intention is toclaim that content was legally created or purchased by him. Similarily an attacker cantransfer a watermark with certain information with the aim to identify content wrongly.

3.1.4 Capacitity

The capacity requirement depends on the application scenario. The EBU required 64 bitsof information for video watermarkin systems (see Appendix A). Also cascadability of thewatermarks is needed in some application scenarios1.

3.1.5 Security

The basic issues of security are addressed in [25]. Here, we summarize these issues anddescribe their practical relevance.

Disclosure of the Algorithm

As stated by Kerckhoff [18], the security of a cryptogrphic system must not rely on thedisclosure of the algorithm (“security-by-obscurity”). In [2] it his highlighted that

“as the secrecy of an algorithm cannot be fairly weighted, then, we should ignoreit in security level estimations. This does not mean that obscurity is useless, it isjust unproven security.”

Furthermore, in [2] the authors also stress the fact that access e.g. to the detection systems -which is indeed the case for several applications where the detectors are implemented in userdevices, e.g. potentially for DVDs - reverse engineering is possible and thus disclosure is notguaranteed2.

Detectability/Predictability

Knowledge of the watermarking process as well as knowledge about the embedding channelcan be used to estimate the watermark (e.g. as described in [37]). Different kinds of attacksare possible [38]:

1Multiple embedded watermarks must not interfere with each other.2Here, one also has to consider that the security of an algorithm also depends on its implementation in

hardware and software


• Remodulation attacks: The aim is to modify the watermark based on the estimatedwatermark.

• Copy attacks: The estimated watermark is copied to another content.

• Synchronization removal: The estimated synchronisation pattern is removed.

As a consequence in [38] the power-spectrum condition (PSC) and the noise visibilityfunction (NVF) are introduced.

Watermark message space and key space

Also, a limited watermark message or key space reduces the security of an watermarkingalgorithm.

3.1.6 Performance

In practical applications, especially when distribution channels are monitored, the perfor-mance of the algorithms is significant.

Detector complexity

Certain application scenarios, e.g. the broadcast monitoring, require real-time embeddingand detection of the watermark.

Latency

The delay between the input signal and the embedded/detected watermark message shouldbe small.

3.1.7 Requirements Derived from the Application Scenarios

In [40] a preliminary list of requirements for the watermarking of broadcast material is pro-vided, which contains the following items:

• A watermarking system should be developed as a means of delivering - via the air, acable or a recording machine - an appropriate hidden metadata which conforms to anEBU-agreed metadata scheme for broadcasting.

• A watermarking system is needed today for both video and audio. In future, a commonmultimedia watermark will also be needed.

• The watermark should be arranged to be impossible to erase or change, to be completelyhidden from the viewer and listener, and not to disturb the perceived quality, in anymeaningful way.


• The watermarking system should principally be arranged to be still present in the analogsignal, so that it is still readable on a pirated analog tape of the programme, since thisis most likely to be how the programme will be pirated.

• The watermark should be invisible on all types of home displays, including flat-paneldisplays.

• The watermark must be present on all frames of the television signal.

• The watermark must be electronically readable.

• The watermark must cope with zooms, etc.

• The BER must be negligibly small.

• Multiple watermarks must be able to co-exist.

3.1.8 EBU Video Broadcasting Evaluation

In 2000 the European Broadcasting Union evaluated different video watermarking systems3

[6]. The evaluation considered the following aspects:

• Subjective Quality: The influence of the embedded watermarks on the quality wasevaluated. This evaluation also considered the effects on quality after embedding mul-tiple watermarks with the same or with different encoders.

• Robustness: The robustness evaluation reflected the production and distribution chainin the broadcasting scenario. Robustness included the detection probability per Water-mark Minimum Segment (WMS), False positive probability per WMS, and probabilityfor (bit) error-free payload per WMS.

Security issues were only addressed in a limited scope. The requirements are given in theAppendix A.

3.1.9 EBU Audio Broadcasting Evaluation

Between June 2001 and July 2003 the EBU Project Group N/WTM conducted extensivetests on audio watermarking systems.4 Two aspects were considered:

1. Robustness: The system under test (SUT) were evaluated against

• number of payloads recovered as a percentage rate (correct detection)

• number of payloads recovered that was not embedded as a percentage rate (falsepositive detection)

3Four systems were evaluated. Only two of them were able to fulfill the capacity requirements without anymodification.

4Only two suitable systems were received.


The requirement for a false positive probability was pf ≤ 10−8.

2. Imperceptibility: A subjective test method (according to ITU-R RecommendationBS.1116 [15]) was used to determine audibility of the embedded watermark.

The test report conluded5

“ ... audio watermarking has not seen widespread adoption in the many areaswhere it could be used. The decisions have been influenced by valid concerns aboutperceptibility and reliability of detection. To conclude, the study has shown thataudio watermarking technology is now available, which is practically inaudible,has a useful data capacity and is usefully robust. It remains to be seen whetherit will be adopted.”

The security of the SUTs was an issue in the requirements.

• Considering Kerckhoff’s Law [18], the security should rely on the use of secret keys andnot on the secrecy of the algorithm.

• The watermark should be difficult-to-predict and cryptographic strong.

• The number of available watermarking keys should be as large as possible.

• Watermarking-key management was required.

However, the main focus was the (im-) perceptibility and robustness of the embeddedwatermark.

3.2 Requirements on perceptual hashing

3.2.1 Discrimination

The purpose of perceptual hashing technologies is the identification of content. In otherwords perceptual hashing technologies have to distinguish different content items. Thus, thediscriminability of the perceptual hashing techniques is very important. The discriminabilitydepends on the length of the calculated fingerprint. The used distance metric is anotherimportant factor influencing the discrimination.

3.2.2 Size

Perceptual hashing technolgies must ideally also be able to uniquely identify each content.Thus, the size of the fingerprints should be large enough to address the different relevantcontent items.

5More detailed information about the test including the results are available at [41].


3.2.3 Performance

Here, the complexitiy requirements also depend on the application. For example for broadcastmonitoring the identification has to fulfill the same requirements on complexity and latencyas the watermarking technologies.

3.2.4 Robustness

Perceptual hashing techniques also have to identify content items even after they were pro-cessed by a certain range of processing operations. These processing operations are specificto the application scenarios and the same that have to be considered for watermark. Thesemanipulations increase the distance between the fingerprint of the original and the fingerprintof the modified content. The results are either false negatives (content is known, but cannotbe identified) or in the worst case false identifications.

3.2.5 Searching

Depending on the content type and the fingerprint structure the search can range from asimple similarity search (e.g. in the case of images) to a more complex search. This complexsearch is typcially the case for audio and video due to the time dependency of this data.Different operations can influence this time dependency. For examples, frames might bedropped out if a movie is converted into a different format.

3.2.6 Security

According to [23], only brute force methods are available for cryptographic hash functions ifno analytic weaknesses are known.

Brute force attack If n is the size of the hash outputs around 2n operations are neededto break the pre-image and the 2nd pre-image resistance.

Birthday attack If n is the size of the hash outputs around 2n

2 operations are needed tobreak the collision resistance.

However, if perceptual hashing functions fulfill perceptual similarity requirements the pre-image resistance, the 2nd pre-image resistance and the collusion resistance are potentiallyendangered.

Sensitivity attack The sensitivity attack against digital watermarks was first described in[8]. The asssumption is that the watermark decoder is implemented in a tamperproof box.A potential attacker cannot reverse-engineer critical parameters or the detector’s properties.Nevertheless, an attacker can experiment with the content and the detector.

For this attack it is assumed that the attacker has a marked content as well as access tothe input and output of the watermark detector. Having access to the detector result, the


attacker is able to create a modified version of the watermark content. The detector willnot detect a watermark in the modified version. Additionally, the attacker can minimise theperceptual degradations.

• Select a random point q0 ∈ S<, near S=: This random point q0 is the starting pointfor the following iterated estimation.

• Find tangent el: By taking a set of independent vectors tj , j = 0, 1, ..., N − 1 thedetectors decision along the straight line ql + γjtj for several different γj is observered.This allows the estimation of the shape of the surface S=.

• Create a point ql+1 ∈ S<, near S=: By taking the watermarked original and applyingsuitable manupulations a modified content can be created. A detector does not detecta watermark in this modified content.

• Iterate: Further iterations are possible to “improve the detectors result or to improvethe degradations of the modified content.

In [19] a countermeasure is presented. This countermeasure suggests the transition areaS= not to be a perfect plane but to be a fuzzy area within random decisions.

This attack also can be applied to perceptual hashing techniques.

Chapter 4

Related Issues

Besides the previously described issues on security of the schemes further issues have to beconsidered for forensic tracking applications. In this section they are shortly summarized.

4.1 Collusion Resistance

Digital data can be automatically compared to detect dissimilarities. This is a potentialthreat to the security of embedded watermarks as users can collaborate to create a modifiedversion of the content in which a watermark cannot be detected. This issue was investigatedby Boneh and Shaw [4].

Reflecting this potential threat collusion-secure codes are applied. They allow to traceone colluding pirate. As outlined in [31], collusion-secure codes can be probabilistic or com-binatorial. While probabilistic schemes are able to trace pirates with a probability of 1 − ǫ(ǫ ≤ 1), combinatorial collusion-secure codes allow the tracing of with probability 1. Thechallenging issue is the reduction of the length of the fingerprint in correspondence to a givennumber of users and pirates.

Different schemes for collusion-secures codes exists. An analysis of the original Boneh-Shaw fingerprinting scheme in [30] showed that its capabilities are above the initial assump-tions on its limitations.

4.2 Anonymous and Zero-Knowledge Watermarking Proto-cols

Traditional watermarking schemes have a strong weaknesses: they are symmetric. This meansthat for embedding and detecting a watermark the same key is used. Especially in applica-tions where either the verifier or the environment in which a detection is performed is nottrustworthy a significant threat applies for the removing of the watermark: the known de-tection (and embedding) key can be used to remove a watermark. This is in contrast toreal world applications where third parties must detect embedded watermarks and therefore

21


require access to the key of symmetric watermarking schemes1.

This drawback can be overcome by public (asymmetric) watermarking schemes. As de-scribed in [26] additional requirements are

• Asymmetry: Information of the public key does not allow the removal of an embeddedpublic watermark.

• Security: Information of the private key cannot be gained from the public key.

• Authenticity: A public key does not allow to embed a watermark that could also havebeen embedded by using a private key.

Two approached can be identified:

1. Two different keys for embedding and detection of the watermark are used.

2. The detected information is verified using a cryptographic zero-knowledge protocol.

Further details can be found in [26].

4.3 Legal status of digital watermarking

One of our goals is to identify the legal background of digital watermarking. This is importantin applications like e.g. DRM, as the user of a watermarking system needs to know if he isable to win a lawsuit against a pirate based on proofs gathered with digital watermarking.

In our opinion, the following aspects need to be addressed when applying watermarkingfor later use at court:

1. Does the user of the watermark need to inform the customer about the presence of awatermark in the content?

2. Is digital watermarking seen as a secure mechanism at court? Could it withstand theanalysis of an expert in a lawsuit?

3. Is it legal to remove the watermark from content?

In the following we provide the answers for these three questions collected from the coun-tries Belgium, Germany and Switzerland. Other countries will be included in future deliver-ables as soon as information is available. We want to stress that the following informationcomes from scientists in the domain of cryptography and watermarking and their discussionwith legal experts. Therefore a precision which would be necessary at court will not beachieved.

1Watermarking detectors in DVD players is a good example where symmetric watermarking schemes arenot feasible as access to the detection key can be gained by reverse engineering. If this detection key is knownthe watermark can be removed


4.3.1 Belgium

1. There is no direct legal obligation to inform the customer about the presence of a water-mark but this information seems to be necessary from a practical point of view (as partof the description of the product of the service and to explain the customer the functionsand the restrictions of the product/service) and should therefore be recommended.

2. There is no jurisprudence of Belgian courts about digital watermarking. In case of adispute the court would designate an expert and rely on his/her opinion. Whether ornot the mechanism will withstand the analysis of the expert, is a technical question.

3. The rule that it is illegal to remove the watermark from the content (if the purpose of thewatermark is to protect the content) comes from the European copyright directive (art.6) and is valid in every EU member state. In Belgium the rule still has to be transposedinto national law (the bill is currently under discussion in the federal parliament).

4.3.2 Germany

1. The user should be informed about the presence of a watermark in the content. We donot know if there is any consequence of not telling the user about the watermark.

2. Not clear at the moment. From the point of view of watermarking experts and securityspecialists in Germany, there is still the need for an example at court. Only then a judgewill call for an independent expert to analyse the watermarking system and provide anestimation of the trustworthiness of the watermarking-based proof.

3. When a watermark is embedded as a copyright protection mechanism, in Germany itis now illegal to develop, use, distribute or sell a mechanism to remove the watermark.The protection mechanism needs to have a certain quality so it cannot be removed byaccident.

4.3.3 Switzerland

1. No. The jurist however recommends it, to avoid being held responsible should there besome damage/problem created by the watermark. Example: there is now a lawsuit inFrance against a major distributor who copy protected some movies, and those moviescould not be played on some readers.

2. There is no jurisprudence for this in Switzerland

3. This depends on the context. If the watermark prevents someone from legitimate contentusage, or would cause damage, then you can remove it. It seems that one could removea copy protection watermark, but not a customer identification or authentication mark.

It is obvious that main influence on the current interpretations comes from the EuropeanCopyright Directive (”EUCD”). It addressed the use of digital rights management, which is acommon application for watermarking algorithms. Implementation of the EUCD in nationallaws comes slowly and sometimes in heavily discussed iterations. As various interest groups


fight about the need for DRM, its legal status and possible impact on various aspects of ourdaily life, it is hard to predict the future of the legal status of digital watermarking at themoment.

The only examples of court applications of digital watermarking we could find come fromthe US. In an essay (http://www.webreference.com/content/watermarks/interaction.html)the attorney Doug Isenberg describes digital watermarking as a mechanism to trace copyrightviolations. But the proof of ownership of the material was done by conventional methods.

Chapter 5

Research Activities on ForensicTracking and Related Activitieswithin ECRYPT

5.1 Research Activities performed by GAUSS

5.1.1 Media Forensics

In [29] a strategy to discriminate different ISO / MPEG 1 Audio Layer-3 (MP3) encodingprograms by statistical particularities of the compressed audio streams was outlined. Thisstrategy is based on Bayesian logic to deduce the most probable encoder on the basis of afeature vector that can be extracted from arbitrary MP3 files. All appropriate features usedfor the classification are discussed and example results for sets of test data from 20 differentcodecs are given. the possible applications include advances in information hiding, increasesthe reliability of steganographic attacks, and inferences about the origin of MP3 files forforensic purpose. We demonstrate that a preclassification of MP3 encoders reduces the falsealarm rate for a steganographic detection method. Implications for the generalisability of theproposed scheme to other file formats are addressed.

5.1.2 Content dependency of watermarks and capacity constraints for an-notation watermarks

The content dependency of watermarks was investigated as described in [36]. This investiga-tions focuses on existing image watermarking solutions. An existing method is improved witha focus on transaction watermarking by evaluating content based watermarking and capacityconstraints. In [36] the focus is on annotation watermarks for digital images that are boundto user-defined objects within the image and compare the requirements to the common usedwatermarking approaches. A technology for object based watermarking is presented relatedto semantical information of images. The positions used for embedding are first defined bythe user at a high, semantical level and only in a next step the positions are qualified by thevisual model at a lower, syntactial level.

25


5.1.3 Capacity constraints

To evaluate capacity constraints of audio watermarking to embed perceptual hashes directlyinto audio. A capacity measure is specified for audio as introduced in [DSLZ04]. This capacitymeasure will be integrated into the Stirmark Benchmarking for Audio (SMBA).

5.1.4 Robust fingerprints for digital images

Within this workpackage forensic tracking the Salzburg group has focused on robust featureextraction in order to enable the generation of robust fingerprints for digital images.

This is basically done via extracting some of the essential data parts of the JPEG 2000bitstream as a feature extraction function to enable robust hashing. Whereas the paper [21]discusses both scenarios, i.e. authenticating a given JPEG 2000 bitstream and also generatinga JPEG 2000 bitstream for authentication purposes, [22] entirely covers the use of JPEG 2000as a means to extract features and to apply a hash funtion to it subsequently.

In future we want to further improve our techniques for robust feature extraction usingthe JPEG 2000 bitstream in order to enable robust digital signatures for digital images.These robust signatures should allow JPEG 2000 and JPEG compression and different formatconversions on the one hand - since these operations are very integral in dealing with digitalimages - and should be able to detect malicious image manipulations on the other hand.

In order to increase the cryptographic security of these schemes we will include key-dependency schemes to JPEG2000 based hashing. These schemes will be based on JPEG2000part2 and will comprise random wavelet packet subband structures, and biorthogonal filterparameterizations.

These new types of digital signatures should also be used within the austrian GRID initia-tive, to enable authentication and fingerprinting of medical image data which is transmittedwithin GRID-networks.

5.2 Research Activities performed by FHG

5.2.1 Perceptual image hashes

In [42] a new method for image watermarking was introduced. This method is based on higher-order-statistics (cumulants). Cumulants are typically used in signal processing and imageprocessing, e.g. for blind source separation or Independent Component Analysis (ICA). Froman image with reduced size cumulants are calculated as an initial feature vector. This featurevector is transformed into an image fingerprint. The theoretical advantages of cumulants areverified in experiments evaluating robustness (e.g. against operations like lossy compression,scaling and cropping) and discriminability. The results show an improved performance of ourmethod in comparison to existing methods.


5.2.2 Database structures and similarity measures

Data structures and similarity measures for efficient retrieval are investigated. As describedin 1.3 the perceptual hashes are calculated for the content that should be identified. The nextstep is the database lookup. This has to be efficient in complexity as well as in scalability.Database structures that improve complexity as well as scalability are currently investigated.This is ongoing research.

5.3 Research Activities performed by UNIGE

5.3.1 Error resilient visual scrambling

The visual information transmitted via public channels (i.e. Internet, distributed, wireless,television and analogue video networks) is sensitive to communication noise and is not pro-tected against unauthorized use. For that reason the visual scrambling approach is proposedfor secure delivery of visual information over communication channels. The generalized block-diagram for secure delivery of a digital image is shown in Figure 5.1.

Figure 5.1: Secure delivery of a digital image.

The input digital image or document is scrambled at the encoder part without additionalredundancy in headers or metadata. The scrambling is based on a symmetric secret key(typically a binary string of length 128 bits) providing high security features against unau-thorized descrambling. The reliable descrambling and extraction of the encoded data (imageor document) at the decoder part is guaranteed even if some packets or blocks of cover imagewere lost or damaged during transmission over public network or distribution environment.

The proposed approach to the error resilient visual data scrambling is based on key-basedgenerated phase masks for encoding/decoding in the Fourier transform. The input image istransformed to spatial frequency domain (direct 2D Fourier transform):

F (u, v) =1

N1N2

N1−1∑

x=0

N2−1∑

y=0

f(x, y)e−2πi(xu/N1+yv/N2)

where N1, N2 are image dimensions; u = 0, ..., N1−1; v = 0, ..., N2−1. Then, the amplitude


and phase of the transformed image are computed by the following expressions:

|F (u, v)| =√

Re(u, v)2 + Im(u, v)2

φ(u, v) = tan−1(Im(u, v)/Re(u, v))

where Re(u, v), Im(u, v)are the real and imaginary components of F (u, v), respectively.

We will exploit the fact that the phase carries significant visual information. Thus, theamplitude of the transformed image |F (u, v)| is saved without changing while the phaseφ(u, v) is modified by the multiplication on the complex exponential component eiϕrand(u,v),which is further called phase mask. The phase mask ϕrand(u, v) has random character andis associated with the key for data encoding. There are several ways to receive random orquasi-random phase masks suitable for the scrambling purposes. To simplify the process ofthe phase mask generation we proposed to compute the phase of any random field in spatialcoordinate domain or even from another image considered to be a secret key.

The resulting phase φ′(u, v) of the scrambled image is computed as:

φ′(u, v) = φ(u, v) + ϕrand(u, v).

The modified spectrum will be equal to:

F ′(u, v) = |F (u, v)| ejφ′(u,v).

Finally, the resulting spectrum is then transformed back to the coordinate domain using 2Dinverse Fourier transform:

f ′ (x, y) =1

N1N2

N1−1∑

u=0

N2−1∑

v=0

F ′(u, v)e2πi(xu/N1+yv/N2)

where x = 0, ..., N1 − 1; y = 0, ..., N2 − 1. Although the host image has the fixed numberof possible gradations the cover image after inverse Fourier transform will not be integer.Therefore, to compress data and to enable digital visualization of the scrambled data thenecessity of the scalar quantization appears.

The same approach is applied for the descrambling of hidden visual information: theamplitude and phase calculation of the transformed cover image and key-based generation ofthe random mask. Obviously, the resulting phase φ̂(u, v) of the transformed image in thiscase will be computed as follows:

φ̂(u, v) = φ′(u, v) − ϕrand(u, v).

In the case of a proper choice of a random phase mask the secret image is completely recon-structed after an inverse Fourier transform. The descrambled image has random character,if the phase mask is not properly chosen (wrong key) that corresponds to the attempt ofthe unauthorized descrambling. In order to provide high efficiency and robustness for noisytransmission channels the usage of advanced error correcting codes (ECC) (i.e. Turbo codes,LDPC codes) may be additionally exploited.

To demonstrate the performance and the main features of the described visual encryptiontechnique the computer modeling was performed on grayscale images. In Figure 2 the test


Table 5.1: Input image (a), scrambled image with 3 lost packets (b), descrambled image after3 lost packets (c), scrambled image with 12 lost packets (d), descrambled after 12 lost packets(e).

Table 5.2: Scrambled and compressed images with quality compression factors 30% (a), 70%(c), 90% (e); descrambled images after scrambling and compression with factors 30% (b), 70%(d), 90% (f).

results for the image scrambling and descrambling with simulated 3 and 12 lost packets areshown. In Figure 3 the results of the descrambling after JPEG compression of the scrambledimage with different quality compression factors 30%, 70% and 90% are presented. One canfind that the image quality to be still acceptable even after high image compression and packetlosses.

The main features of the proposed approach to the secure delivery of digital images ordocuments are:

• simultaneous visual scrambling and error resilient coding for secure delivery of visualinformation;

• no additional redundancy is integrated into the data container while providing completevisual encoding;

• resistance to JPEG compression and packet losses;

• the usage of sophisticated cryptographic protocols for secret key management allowingthe reliable retrieval of hidden visual information by the authorized parties only;

• format independent and direct graphical format communications.

Chapter 6

Summary

Although security is an important issue for forensic tracking, so far it only played a minorrole.

One potential reason for this are former difficulties in solving the requirements on visibility,robustness, and capacity. As these requirements now seem to be solved and watermarkingtechnologies are more and more used in practical applications the significance of security isrealized.

Another reason lies in the applications of forensic tracking technologies. It is evidentthat one benefit of forensic tracking technologies lies in the automatic identification of non-authorized usages, e.g. broadcast monitoring or the crawling of webpages. Yet, the forensictracking technologies are currently not used as a proof in court trials. The proof is still basedon traditional methods.

From this point of view, the forensic tracking technologies significantly support the identi-fication of non-authorized usage as a huge mass of information can be processed automatically.In the case of non-authorized usage and distribution of content so far confronting the respon-sible person or organisation with this illegality of certain actions was sufficient. From thispoint of view security so far is still a minor issue. However, this will change as soon as thefirst court trial requires a formal evidence.

30

Appendix A

Video Watermarking - EBU testsrequirements

Within the watermarking system benchmarking scenario, two watermarks are embedding.This reflects the practical workflow:

1. A watermark W1 is embedded at the production level.

2. A watermark W2 is embedded at the contribution level.

As the quality of the watermark differs, the requirements on the watermarks also differ.Details of the benchmarking can be found in [6].

Explaination of the abbreviations:M mandatoryN should not haveR recommended

W1 production levelW2 contribution level 1

31


Visibility Of The Watermark

Not visible in a left/right comparison with the original, un-der studio viewing conditions

M

Payload

Watermark Minimum Segment (WMS), duration in time 1 sec for W1, 5 sec for W2

Data capacity 64 bits / WMS

Detection probability per WMS ≥ 95%

False positive probability per WMS ≤ 10−8

Probability for (bit) error-free payload per WMS ≥ 1 − 10−8

Purpose Of The Watermark

Identification M

Security - Secret Watermarking-Key

Difficult-to-predict, cryptographic strong M

Number of available watermarking-keys A large number (TBD)

Watermarking-key management M

Watermark Detection and Payload Extraction

Single-ended watermark detection and payload extraction M

Format Of Original Unwatermarked And Watermarked Signal

ITU-T Rec. BT.656 M

Robustness

Data Compression

MJPEG (20 Mbit/s) M

ISO/MPEG-1 (¡ 1 Mbit/s) R

ISO/MPEG-2 (2 to 6 Mbit/s MP@ML) M

Panasonic/DV or JVC/Digital-S, Sony/DV, Sony/Beta-SX M

MPEG-2 4:2:2 - 50 Mbit/s recorder (Sony IMX) M

PAL-coding and analogue recording

Sony/Beta-SP (with PAL input) M

VHS M

Digital and analogue filtering

Re-sampling, e.g. D/A → A/D conversion M

Sampling-rate conversion, up and down conversion M

Picture aspect-ratio conversion, e.g. 4:3 ↔ 16:9 M

Frame-rate conversion, e.g. 24 Hz ↔ 25 Hz ↔ 30 Hz M

Line-scan conversion: progressive ↔ interlace M

Motion-compensating noise reduction M

Added white noise (at −30 dB) M

Colour-space conversion: colour ↔ grey-scale M

Slow motion 3:1 R


Geometric attacks

Shift, crop and scale (minimum picture size: 360 x 288) M

Bend, shear or rotate by a small amount

• up to2degrees:M

• up to10degrees:R

Camera-viewing-display copying technique M

Collusion and collusion-like attacks M

Watermark editing

for users with secret key TBD

Cascaded watermarking

Compatibility of W1 & W2 M

Number of non-interfering watermarks, invisible in the samepicture

at least 2

Processing Time And Delay

real-time embedder & reader Embedder delay ≤ 80 ms

Table A.1: EBU Video Watermarking Test Requirements

Appendix B

Audio Watermarking - EBU testsrequirements

Explaination of the abbreviations:M mandatoryN should not haveR recommended

W1 production levelW2 contribution level 1

Details of the benchmarking can be found in [41].

34


Audibility Of The Watermark

Not audible in comparison with the original under studiolistening conditions

M

Not audible under domestic/consumer listening conditions M

Payload (Net Bit Rate)

Watermark Minimum Segment (WMS) duration 5 sec.

Data capacity 48 bits / WMS

Detection probability = complement of the false negativeprobability / WMS

95%

False positive probability / WMS 10−8

Probability for (bit) error-free payload / WMS 1 − 10−8

Purpose Of The Watermark

Identification M

Authentication N

Security - Secret Watermarking-Key

Difficult-to-predict, cryptographic strong M

Number of available watermarking-keys As large as possible

Watermarking-key management M

Watermark Detection and Payload Extraction

Single-ended watermark detection and payload extraction M

Option for double-ended watermark detection and payloadextraction e.g. in order to increase the level of reliability

R

Format Of Original Unwatermarked And Watermarked Signal

PCM-Format, Mono and Stereo, Sampling frequencies: 24.0,32.0, 44.1,48.0 kHz

M

PCM-Format, amplitude quantization: 24 bits M

ISO/MPEG-Layer-II bit stream (transcoding operation) R

Robustness

Data Compression

ISO/MPEG-Layer-II

• stereo: ≥128 kbit/s

• mono: ≥ 32kbit/s

ISO/MPEG-Layer-III, stereo ≥ 64 kbit/s

ISO/MPEG-AAC, stereo ≥ 32 kbit/s

Dolby/AC3 M

NICAM M

Sony/MiniDisc M


Digital and Analog Filtering

Re-sampling, e.g. D/A → A/D conversion M

Inaudible distortion of frequency response, e.g. notch filterguided by psycho-acoustic model

M

Sampling frequency conversion, up-conversion ratios: e.g.24.0 kHz → 32.0 kHz → 44.1 kHz → 48.0 kHz down-conversion ratios: e.g. 48.0 kHz → 44.1 kHz → 32.0 kHz→ 24.0 kHz

M

Stereo to mono conversion M

Add white noise at 30dB below peak signal level M

Pitch-corrected time-scaling up to +5% M

Linear speed change without pitch correction + 10% M

All pass filtering M

General multi-band equaliser with up to +6dB change oflevel

M

Special Effects

Add inaudible echo with random delay and amplitude M

Multi-band non-linear amplitude compression/gain (Opti-mod like)

M

Add voice-over at 15dB above signal level M

Collusion and Collusion-like Attacks M

Watermark-Editing For Users With Secret WTM-Key

Render watermark undetectable N

Replace = overwrite the payload bits N

Cascaded Watermarking/ Compatibility of W1/W2

Two non-interfering watermarks in the same signal are in-audible

M

Three non-interfering watermarks in the same signal are in-audible

R

Processing Time And Delay

Real-time (on-line) embedding, hardware M

Non-real-time (off-line) embedding, software-tool R

Real-time (on-line) detection and payload extraction, hard-ware

M

Non-real-time (off-line) detection and payload extraction,software-tool

R

Delay for the real-time embedder ≤ 80 ms

Table B.1: EBU Audio Watermarking Test Requirements

Appendix C

Glossary

C.1 About Digital Hashes, Digital Fingerprints, Perceptual(Digital) Hashes, and Perceptual (Digital) Fingerprints

Often the terms perceptual hashes and perceptual fingerprints are used to express the same.In [WIHF] a hash function is defined as “a function that converts an input from a (typically)large domain into an output in a (typically) smaller range ... The desired characteristics ofa hash function in general is that H(x) = H(y) probably implies that x = y For instance,cryptographic hash functions use the second condition in the form that given x, it is compu-tationally very difficult to find y such that H(x) = H(y). Additionally, it is desirable that ifwe are given x and H(x + s) where + can be bit changing or concatenation, then we can’tfind s short of exhaustive enumeration. In practice, for most applications other than errorcorrection, cryptographic hashes serve very nicely ... The term ”hash” apparently comes byway of analogy with its standard meaning in the physical world, to ”chop and mix.” Knuthnotes that Hans Peter Luhn of IBM appears to have been the first to use the concept, in amemo dated January 1953; the term hash came into use some ten years later.”

In this definition we can also see the similarity with the human fingerprint:

• A hash value allows identifying digital data with low collision probability.

• A hash value does not allow the reconstruction of the original.

These properties are very valuable for different applications especially when digital contenthas to be identified. For some application, e.g. authentication, the sensitivity of the hashfunction for bit changing is very important.

However, digital data comprises different kinds of content. Especially, content which isperceived by its audience, like audio-visual data, is inherently robust against content manip-ulations as the human spectator decomposes the input signals and reassembles these decom-posed signals in the brain. Some information is lost during the process. E.g. the input signalspace is reduced. This important characteristic of human perceptual is the basis for any lossycompression technology: Content characteristics, which have no or only minor influence onthe perception, are removed.

37


Obviously, cryptographic hash functions are sensitive to any content modifications even ifthe perceived content is not or only hardly affected. Especially in application where perceiv-able content is identified, the traditional hash function doesn’t provide the needed function-ality. Here, perceptual hash functions or perceptual fingerprints apply. Instead of directlycalculating a hash value from the input, content descriptors are extracted and the hash orfingerprint value are calculated from these descriptors. From a processing point of view per-ceptual hash functions for identification of content are related to Content Based Retrieval(CBR).

In general, CBR creates a semantic description of the input content. For example, animage Content Based Image Retrieval Systems (CBIRS) could provide a description of thescene. However, a semantic description is difficult. Thus, most CBR systems make use oflower-level features. For images this includes information about the texture, colour, and edgesor shapes. However, there are some CBIRS approaches, which classify the scene of a givenimage by the numbers of the faces e.g. in person or crowds. For audio higher-level descriptorscan be calculated more easily. Different types of queries can be identified:

In [20] three different kind of applications are identified:

• Looking for a specific content in a database with the knowledge about its existence

• Looking for a specific content in a database without knowing if it is in the database

• Browsing content the content available in a database

Different kinds of querying interfaces are possible ranging from simple keywords to query-ing by example. If low-level or high-level descriptors are used the content in the databasewas already processed by a feature analysis. The CBRS performs a similarity search usingthe features given by the users. Either these features are selected by the users, which is nottrivial in the case of low-level descriptors, or the user enters similar content and the featuresare automatically calculated. Obviously there is a clear similarity between content basedretrieval and indexing by perceptual hashing.

Within watermarking the term fingerprinting can have another meaning: Fingerprints canbe actively embedded in content. These fingerprints embed a watermark. This watermarkis the link to identify the content receiving person or organisation. These watermarks areactively embedded by content modifcations. Therefore, these kind of fingerprints are alsocalled “active fingerprints”. In contrast to active fingerprints, the perceptual hash values arealso called “passive fingerprints”.

Typically, these active fingerprints are embedded during a transaction. Therefore, theyare also called “transaction watermarks”.

Bibliography

[1] O. W. A.J. Mason, R.A. Salmon and J. Devlin. User requirements for watermarking inbroadcast applications. In International Broadcasting Convention (IBC 2000), Amster-dam, The Netherlands, sep 2000. IEE Conference Publication.

[2] M. Barni, F. Bartolini, and T. Furon. A general framework for robust watermarkingsecurity. Signal Process., 83(10):2069–2084, 2003.

[3] M. Bober. Mpeg-7: Evolution or revolution? Lecture Notes in Computer Science, 2124,Jan 2001.

[4] D. Boneh and J. Shaw. Collusion-secure fingerprinting for digital data. Lecture Notes inComputer Science, 963:452–??, 1995.

[5] P. Cano, E. Baltle, T. Kalker, and J. Haitsma. A review of algorithms for audio finger-printing. In IEEE Workshop on Multimedia Signal Processing, pages 169–173, 2002.

[6] L. Cheveau, E. Goray, and R. Salmon. Watermarking – Summary Results of the EBUTest. Technical Report 286, European Broadcasting Union, Grand-Saconnex, Switzer-land, Mar. 2001.

[7] I. J. Cox, M. L. Miller, and J. A. Bloom. Digital watermarking. Morgan Kaufmann seriesin multimedia information and systems. Morgan Kaufmann Publishers, San Francisco,CA, USA, 2002.

[8] I. J. Cox and J. paul M. G. Linnartz. Public watermarks and resistance to tampering,Aug. 30 2001.

[9] EBU Project Group B/AIM. EBU Report on the Subjective Listening Tests of SomeCommercial Internet Audio Codecs. Technical report, European Broadcasting Union(EBU), June 2000.

[10] International Federation of the Phonographic Industry (IFPI). commercial piracy report2004. http://www.ifpi.org/site-content/library/piracy2004.pdf, Jul 2004.

[11] International Federation of the Phonographic Industry (IFPI). fact sheets - internetpiracy. http://www.ifpi.org/site-content/press/20040330c.html, Mar 2004.

[12] International Federation of the Phonographic Industry (IFPI). Music pirate sales hitrecord 1.1 billion discs but spread of fake cd trade slows. http://www.ifpi.org/site-content/press/20040722.html, Jul 2004.

39


[13] INTERNATIONAL ORGANISATION FOR STANDARDISATION ISO/IECJTC1/SC29/WG11 CODING OF MOVING PICTURES AND AUDIO. Mpeg-7overview. http://www.chiariglione.org/mpeg/standards/mpeg-7/mpeg-7.htm, Feb 2005.

[14] International Telecommunication Union. Subjective Assessment of Sound Quality, 1990.

[15] International Telecommunication Union. Methods for Subjective Assessement of SmallImpairments in Audio Systems including Multichannel Sound Systems, 1997.

[16] International Telecommunication Union. A Method for Subjective Listening Tests forIntermediate Audio Quality – Contribution from the EBU to ITU Working Party 10-11Q, 1998.

[17] International Telecommunication Union. Method for Objective Measurements of Per-ceived Audio Quality (PEAQ), 1998.

[18] A. Kerkhoffs. La Cryptographie Militaire. Journal des Sciences Militaires, 9th series:5–38,161–191, Jan./Feb. 1883.

[19] J.-P. M. G. Linnartz and M. van Dijk. Analysis of the sensitivity attack against electronicwatermarks in images. In D. Aucsmith, editor, Information Hiding: Second InternationalWorkshop, volume 1525 of Lecture Notes in Computer Science, pages 258–272, Portland,Oregon, U.S.A., 1998. Springer-Verlag, Berlin, Germany.

[20] S. Marchand-Maillet. Content-based video retrieval: An overview.

[21] R. Norcen and A. Uhl. Robust authentication of the jpeg2000 bitstream. In CD-ROMProceedings of the 6th IEEE Nordic Signal Processing Symposium (NORSIG 2004),,Espoo, Finland, Jun 2004. IEEE Norway Section.

[22] R. Norcen and A. Uhl. Robust visual hashing using jpeg2000. In Eighth IFIP TC6/TC11Conference on Communications and Multimedia Security (CMS’04), Lake Windermere,GB, Sep 2004. Kluwer Academic Publishers.

[23] E. N. of Excellence. Recent collision attacks on hash functions: Ecrypt position paper.Technical report, ECRYPT, Nov 2004.

[24] E. N. of Excellence. First summary report on authentication. Technical report, ECRYPT,2005.

[25] E. N. of Excellence. First summary report on fundamentals. Technical report, ECRYPT,2005.

[26] E. N. of Excellence. First summary report on practical systems. Technical report,ECRYPT, 2005.

[27] R. Pappu. Physical One-Way Functions. PhD thesis, MIT School of Architecture andPlanning, Program in Media Arts and Sciences, Mar. 2001.

[28] J. Picard. Digital authentication with copy-detection patterns. In Optical Security andCounterfeit Deterrence Techniques V. Edited by van Renesse, Rudolf L. Proceedings ofthe SPIE, Volume 5310, pp. 176-183 (2004)., pages 176–183, June 2004.


[29] A. W. Rainer Boehme. Statistical characterisation of mp3 encoders for steganalysis. InACM Multimedia and Security Workshop ’04, Magdeburg, Germany, Spe 2004.

[30] H. G. Schaathun. The boneh-shaw fingerprinting scheme is better than we thought.Technical report, Dep. of Informatics, University Bergen, 2003.

[31] H. G. Schaathun. On collusion-secure codes for copyright protection. In Norsk Infor-matikkonferanse - Stavanger Forum, Stavanger, Norway, 2004.

[32] R. K. SHARMA and S. DECKER. Practical challenges for digital watermarking appli-cations. EURASIP JASP, pages 133–139, 2002.

[33] G. Stoll and F. Kozamernlk. Ebu listening tests on internet audio codecs.

[34] Tech News World. Global Piracy: Illegal Software Market Endures.http://www.technewsworld.com/story/33327.html, June 2004.

[35] the Motion Picture Association of America (MPAA). http://www.mpaa.org, Feb 2005.

[36] J. D. Thomas Vogel. Illustration watermarking: An object based approach for digitalimages. In P. W. W. Edward J. Delp III, editor, Security and Watermarking of Multime-dia Contents VI, Santa Clara, CA USA, 2005. SPIE, Electronic Imaging - Science andTechnology.

[37] S. Voloshynovskiy, S. Pereira, A. Herrigel, N. Baumgrtner, and T. Pun. Generalizedwatermarking attack based on watermark estimation and perceptual remodulation, 2000.

[38] S. Voloshynovskiy, S. Pereira, T. Pun, J. Eggers, and J. Su. Attacks on digital wa-termarks: Classification, estimation-based attacks, and benchmarks. Special Issue ofIEEE Communication Magazine on Digital Watermarking for Copyright Protection: ACommunication Perspective, 39(8):118–126, Aug. 2001.

[39] Wikipedia. Cryptographic Hash Function. http://en.wikipedia.org/wiki/Cryptographic hash function,Feb 2005.

[40] D. Wood. EBU Technical Review No. 282 - The challenges of rights management. Tech-nical report, European Broadcasting Union, Grand-Saconnex, Switzerland, Mar. 2002.

[41] D. Wood. EBU Technical Review No. 297: Audio Watermarking summary results ofEBU tests. Technical report, European Broadcasting Union, Grand-Saconnex, Switzer-land, Jan. 2004.

[42] L. Yu, M. Schmucker, C. Busch, and S. Sun. Cumulant based image fingerprints. InP. W. W. Edward J. Delp III, editor, Security and Watermarking of Multimedia ContentsVI, Santa Clara, CA USA, 2005. SPIE, Electronic Imaging - Science and Technology.

d.wvl.7 first summary report on forensic tracking · after this, general requirements are reviewed...

Documents