fundamentals of ecommerce security (3)

8/6/2019 Fundamentals of eCommerce Security (3)

1/27

1

ECOM 6031

Fundamentals of e-Commerce

Security

(Dr KP Chow, Dr Lucas Hui)

Lecture 3:

Protecting Documents and Content

Dr Lucas Hui

(CYC307, 28592190, [email protected])2

Content

Case of PKI business

Review of Cryptography

Review of Steganography

Comparing Cryptography and Steganography

Cases of Watermarking

Visible watermarking

Fragile watermarking

Robust watermarking (DCT)

Content Copyright protection (next batch of note)

CSS Case Review of Broadcast encryption

HDCP Case

Software Copyright Protection

Discussion Question

Given the known hacking techniques in Lecture1 and 2 (buffer overflow, CSRF, etc)

What kind of company data you can allow your

employee to access the company Intranetthrough ____ ?1. at office

2. at home using a fixed PC

3. at home using a laptop

4. at an oversea cyber-caf using a laptop

Can you suggest some protection strategy that

can make you feel safe? Is SSL / VPN (Virtual Private Network) enough?

3 4

Case of PKI business

Certification Authorities (CA) are big organizations

E.g. Verisign (the first CA in the world)

CA earns money by selling:

Private key and Public Key Key-pairs

Private key may be sold in special hardware

Public key are stored In the form of a Public KeyCertificate

Informally, some people say a CA sells Public KeyCertificates

What kinds of PKC (Public Key Certificate) are popular?


2/27


3/27

9

Symmetric Encryption

This is a

letter

K (enc/dec key)

X%*e1kI

4

Thomas:

Encrypt

K

This is a

letter

Peter:X%*e1kI

4 Decrypt

Authenticity: Peter knows the cipher is come from Thomas (Thomas has K)

Confidentiality: Peter knows the cipher cannot be seen by others (Only Peter

and Thomas have K)

No non-repudiation property

10

Hash Value

A.k.a. Integrity check value, message digest (MD)

An integrity check-value (of a message) is a fixed sizedata item where its content is depending on ALL bits of

that message An specific algorithm is used to produce this check-value

from a message. This algorithm can be keyless (D=H(M))

Same message gives the same check-value

When some bits in message is modified/added/deleted,the check-value would be different. Thus able to checkintegrity

Mathematically: Given D, it is extremely difficult to find M1

such that H(M1)=D. Given M and D, it is extremely difficult to find M1, suchthat M1 and M differs by a few bits and H(M1) = D

It is extremely difficult to find M1 and M2 such thatH(M1) = H(M2)

11

Hash functions

Message 1 Hash

Value 1

Fixed size (e.g.

160 bits)

Hash

Value 2

Hash

Fcn

Hash

FcnMessage 2

12

Integrity check process

A wants to send M to B

A computes D=H(M), and sends M,D to B

B receives M, D, and computes D=H(M) If D = D, then M and D are not tampered

M can also be transmitted in encrypted mode

H( ) is known as hash function, or one-way function

Popular hash functions are :

MD5 (128 bits)

SHA-1 (160 bits)


4/27


5/27

17

Relationship with CA

18

Use of Data Encryption(Confidentiality, but no authenticity)

19

Authentication using digital signature

Usually comes with challenge-response protocol

A wants to prove its identity to B

B sends A a message (usually with some random

content, some timing content) A uses its private key to sign on the message,

creating a digital signature

A sends the digital signature to B (usually as asigned message)

B verifies the digital signature, and authenticates A

Non-repudiation property: B can keep the digital

signature as evidence that A had been talking to B. More accurate: the owner of As private key had

been talking to B20

Use of Digital Signature(authenticity, non-repudiation, but no confidentiality)


6/27

21

Short Review of Signed Applet

CA provides its root certificate to the browsers

The XYZ company wants to provide signed applets tocustomers

XYZ will buy a Public Key Certificate (and of course thecorresponding private key) from the CA

When a customer of XYZ, say John, gets a signedapplet (call it J1) from web server of XYZ XYZ will send its PKC to Johns browser

Using CAs root cert, and Johns PKC, Johns browser will findXYZ public key value, say v1.

Johns browser will use v1 to verify the correctness of the digital

signature of J1 If J1 is properly signed by XYZ private key, Johns browser will

execute J1.

Business of PKC (signed Applet case)

Browser

Root Cert -

cert. of BigBrother

(CA)

Server (S1) S1 has a Cert of

S1, issued by Big

Brother B1

B1

B1 is my

customer,

Trust him!

22

Signed

Applet

PKC

of S1

S1 has a

private key,

set up by CA

23

Short Review of Signed e-Doc

CA provides its root certificate to the browsers

The XYZ company wants to provide signed e-Doc tocustomers XYZ will buy a Public Key Certificate (and of course the

corresponding private key) from the CA When a customer of XYZ, say John, gets a signed e-

Doc (call it D1) from XYZ XYZ will send its PKC to Johns computer

Using CAs root cert, and Johns PKC, Johns browser will findXYZ public key value, say v1.

Johns computer will use v1 to verify the correctness of thedigital signature of D1

If D1 is properly signed by XYZ private key, Johns computer

will accept D1 is a properly signed e-Doc from XYZ.

Discussion Questions

Can a company, which stores a lot of electronicdocuments, files, web pages, etc, be able to getrid of all PKI technology?

Any advantages of doing so? Any disadvantages of doing so?

How can a company prove to a third-party thatan electronic document is really created 30years ago?

24


7/27

25

Review of Steganography

Hiding info (small message) in a bigger message (e.g.microdot technology, invisible ink, pin punctures)

The smaller the ratio of size of hidden info / size ofthe big message, the more difficult for the hiddenmessage to be detected by outsiders withoutknowledge of the steganographic process.

Not exactly encryption, but modern steganographic toolscan also include encryption as a component

One application: watermarking for copyright protection

26

Steganography (2)

One Drawback : needs a lot of bits to encode asmall message

But now, the storage are there!! E.g. Kodak Photo CD

max. resolution 2048x3072 pixel (only 6M pixels)

each pixel 24 bits RGB color info

use least significant bit of each color to encodeinfo

hide 2.25 megabyte in one digital snapshot

27

SimpleSteganographye.g.

Dear George,

Greetings to all at Oxford. Many thanks for your

letter and for the summer examination package.

All Entry Forms and Fees Forms should be

ready

for final despatch to the syndicate by Friday

20th or at the very latest, Im told, by the 21st.

Admin has improved here, though theres room

for improvement still; just give us all two or three

more years and well really show you! Please

dont let these wretched 16+ proposals destroy

your basic O and A pattern. Certainly this

sort of change, if implemented immediately,would bring chaos,

Sincerely yours,

(Source : The Silent

World of Nicholas

Quinn, by Colin

Dexter)

28

A ChineseExample

What is the secret

message?


8/27

29

Ancient Spartan MethodWhat is the secret message?

30

Secret Communication example

case Two terrorists (A & B) using a newsgroup

newsgroup

A B(1) A hides please

bring machine

gun in a photo

(2) A posts the

photo to the

newsgroup

(3) B extracts

the message

(4) B hides the

reply to the 2nd

photo

(5) B posts the

2nd photo to

newsgroup

31

The secret key

is 14234

Modern Simple Idea Question: what is hidden inside this diagram?

Internet

32

Other simple ideas Comments in HTML documents

Flipping of [,] and [;] in a document

White Space characters

File name of a temporary file (e.g tmp14357.txt)

File protection status of a special file E.g. in Unix: -r-xrwx-w- is an unusual setting

Plenty of opportunities Due to the extensive use of computer (diversity

in software used)

Unavoidably :

more favorable to subjectsperforming secret communication


9/27

33

Steganography Vs Cryptography

Steganography

The science of Covered Writing Cryptography

The science of Secret Writing

34

Steganography Vs Cryptography

Writing process

secret

Hiding

methodBig Message

Big Messagewith secret

secret

Encryption key

Encryption

method cipher

Steg:

Cryp:

35

Steganography Vs Cryptography (2)

Reading process

secret

Extracting

method

Big Message

with secret

secret

Decryption key

Decryption

method cipher

Steg:

Cryp:

36

Steganography Vs Cryptography (3)

Strength of steganography

the hiding method is not known by others

Strength of cryptography

The encryption method can be known by

others

The key should not be known by others

The key length should be long enough to

stand against exhaustive search


10/27

37

Combining Steganography &

CryptographyWriting process

Hiding

method

Big Message

Big Messagewith cipher

cipher

secret

Encryption key

Encryption

method

38

Combining Steganography &

Cryptography (2)Reading process

Extracting

method

Big Messagewith cipher

cipher

secret

Decryption key

Decryption

method

39

Abstract list of related techniques

Hide the information as

Some noise in another object (e.g. color

variation in photos, sound files, video clips)

The order of a list of randomly-ordered

items (e.g. supermarket receipts)

Random numbers that appear naturally in

an object (e.g. the random scars on the

skin of a monster in a computer game

picture)

40

Abstract list of related techniques (2)

Spread out the information:

One bit of information is diffused into

several bits first, before the hiding process.

In elaborated term: the split information

can be transmitted into several different

messages (say, any 5 of the 7 transmitted

messages can reconstruct the secret)

[Secret sharing]


11/27

41

Abstract list of related techniques (3)

Adopt a statistical profile (e.g. generating random

English words that preserve the letter count statistic)

Not so important in modern Internet world (thereare too many data that are random in nature, e.g.

message id, a piece of cloud in a diagram)

Adopt a structural profile (e.g. reconstructing the

sentence grammar structure, and replacing a

verb/noun with similar meaning).

can Vs be able to

copy Vs make a copy of

Hiding the source of a message (to achieve

anonymity, so as to avoid the suspicion of having

hidden messages) 42

Goals of steganography Escaping inspection of human users

Store in photos, or the previous simple examples

Reinforcing the concept of copyright protection Discourage e-doc users to perform illegal copying

(Variant forms)

Escaping inspection of automatic

computing filters To ensure human being (in web registration process)

In SPAM email subjects, to avoid filtering

Ref:

http://captchas.net/

http://paul.luminos.nl/documents/show_document.php?d=316

Just carrier of extra messages Extra data fields without changing older systems

43

Usage of steganography Secret communication

Commercial reason

Political reason

Personal privacy reason Criminal offense

Downward compatibility of data structures. E.g.:

A data structure for photos is used in manyapplications

Some new applications require an extra featureto be transmitted

If this new feature is transmitted viasteganography, all old software/system need notbe changed

44

Usage of steganography (2)

Storing watermarks for copyright protection

of digital contents

The secret message is the serial number, of

some ID of the buyers Strong watermarks : those that are not easily

destroyed. Mainly for tracking the e-document

flow

Weak watermarks: those that can be destroyed

easily (say by photocopying).

E-document authentication (e.g. storing thedigital signature of the authors)


12/27

Cases of Digital Watermarking

Visible watermark

Not a steganographic technique.

Just a way to put a mark in a picture

Fragile watermark

It is not detectable after the slightest modification

Commonly used for tamper detection (integrity proof)

Called semi-fragile if it resists benign transformation,

but fails detection after malignant transformation

Robust watermark Resists a lot of transformation

45

Visible watermark The information embedded as a watermark

can be almost anything. It can be a bit

string representing copyright message,

serial number, plain text, etc.

Sometimes it can be more useful to embed

a visual watermark (e.g. corporate logo)

instead of a bit string as a watermark.

46

Example of 8*8 visual

watermark

47

Eg. Of Visible Watermark

Source:

Web site of the uMark Software

http://www.uconomix.com/Products/uMark/Def

ault.aspx

48


13/27

Fragile watermarking

A fragile technique often has to possess

two features:

it should be vulnerable to even very slight

modifications of the watermarked asset;

and it should be capable of locating, or even

identifying the endured attacks.

49 50

Using Pictures to store secret Modern Digital pictures has a lot of pixels.

Each pixel are represented by some bits (e.g. a pixel isrepresented as three 8-bit numbers, denoting the level

of Red, Green, Blue color) The lsb (least significant bit) of each 8-bit number has

minimal effect on the color of that pixel

Concept: use the lsb of each color to store the secret

Example

secret is 101100 (a 6-bit secret)

Use some scheme to select 2 pixels in a picture

For the first pixel, set the lsb of Red color to 1, lsbof Green color to 0, lsb of Blue color to 1.

For the second pixel, set the lsb of Red color to 1,lsb of Green color to 0, lsb of Blue color to 0.

51

RGB A picture with 20 pixels (in RGB form)

10110011 01101010 00110101

Blue color value

Green color value

Red color value

Lsb used to

store secret

message

52

Modern watermarking system framework

Let T be the steganographic tool that uses

pictures as storage media

Assume

The hidden message is H The picture used to store H is PIC

T uses a pseudo random number generator (a

program that can generate a sequence of

numbers that looked like random, when supplied

with a number called a seed)


14/27

53

To store hidden message using T

User chooses a paraphrase, say I love you

T transforms I love you to a seed, and use the

pseudo random number generator to generatea set of random positions in PIC (call this set S)

Construct an error-correction code

representation of H (called it H*)

Put the bits of H* as least significant bit in

positions of PIC (determined by S)

54

To get hidden message using T

User (the one who want to read H) provides the

same paraphrase, (I love you).

T transforms I love you to a seed, and use thepseudo random number generator to generate

a set of random positions in PIC (call this set S)

Extract H* from the l.s.b. positions determined

by S

Extract H from H* (this works even if some

errors exist)

55

Properties There is small change of picture quality

Design principle: only modify the color of a pixel

slightly

A larger picture has more choices of pixel positions

to store the secret (and the secret can be longer)

Modification of the picture might destroy the secret

(watermark)

To store a longer secret message, you may need to

modify bits other than lsb. Picture may be distorted

Many picture formats are not storing the RGB

values directly. So variations of the mentioned

technique are needed.

56

E.g. on Steganographic Tools (1)

Stego (www.stego.com)

Storing the secret at the lsb of pixels (in a GIF image)

GIF using a palette, with each entry stores the RGB

values

Each pixel stores an index to a palette entry. The color

of the pixel is the color of that entry

Use the lsb of the index in a pixel to store the secret

Key step:

Sort the palette, according to an order of colors such

that neighboring palette entries store very similar

colors (details of this order is not discussed). After the above step, changing the lsb of each pixels

index will not change the color a lot.


15/27

57

GIF image (20 pixels) with

palette

10110011 01101010 00110101index value (lsb is used to

store secret in stego)

palette

01101101

index

01101101

00000000

00000001

01101100

58


Gifshuffle (www.darkside.com.au/gifshuffle/)

Also play with the palette structure of GIF images

(Key point 1) Gifshuffle recognized a special order of

the colors. Given a picture, it sort the palette accordingto that order

Assume there are n different colors in the palette

The n! different permutation of the colors can be usedto represent a number from 1 to n!.

(Key point 2) Thus, a secret with at most log2(n!) bitscan be stored as a special permutation of the palettecolors.

This scheme will not change the quality of the image!!!(same set of colors are used, the only difference is theorder in the palette)

59

m = a number from 0 to n!-1

n = size of an array of balls

Put balls b0, b1, b2, bn-1 into the array A[0], A[1], A[n-1]

such that the permutation encodes the number m

bn-1 is placed in A[0]

bn-2 is placed in A[0] or A[1]

bn-3 is placed in A[0], or A[1], or A[2]

bn-4 is placed in A[ j ], where j is an integer from 0, 1, 2, 3

. . .bn-i is placed in A[ j ], where j is an integer from 0, 1, i-1

. . .

b2

is placed in A[ j ], where j is an integer from 0, 1, n-3

b1 is placed in A[ j ], where j is an integer from 0, 1, n-2

b0 is placed in A[ j ], where j is an integer from 0, 1, n-1

Idea ( 1 ) : Put in the order of bn-1, bn-2, b2, b1, b0

Putting n balls in array A [ 0, n-1 ]

How to use a

permutation (of items) torepresent a number?

60

Idea ( 2 ) : Consider all the sequence of number m = m0, m1, mnm0 = m

mod 1

mod 2

div 1

m1

m2

m3

mn-3

mn-2

mn-1

mn = 0 rn

rn-1

rn-2

r3

mod 3

0 = r1

div 2

div 3

div n-2 mod n-2

mod n-1div n-1

( must be 0,

why? )

r2

mod ndiv n

( encode r1 by putting bn-1 )



( encode rn-1 by putting b1 )

( encode rn by putting b0 )

r1

, r2

r3

, rn-2

, rn-1

, rn

are three we want to encode

Example [ try n = 3, m = 3!-1 =5 ]


16/27

61

Procedure to Encode ri ( a number from 0 to i-1 ) by putting bn-i

The algorithm

int m ( m = m0 at the beginning )

for i = 1, 2, 3, n

{ Calculate ri = m mod i ;

Calculate m = m div i ;

Encode ri by putting bn-i }

( Note : ( 1 ) bn-1 is supposed to be placed in the entry A[ri]

( 2 ) the array entry A[0], A[1], A[i-2] are occupied

( 3 ) A[i-1] is empty )

If ri = i-1, { put bn-1 in A[ri] }

else { move the ball in A[i-2] to A[i-1] ;move the ball in A[i-3] to A[i-2] ;

. . . move the ball in A[ri] to A[ri+1] ;put bn-i in A[ri] }

62

After finding rn, rn-1, rn-2, r2, r1, r0, compute m accordingly

To get back the value of m from the permutation array

Find rn-1 from b1 similarly

Find rn-2 from b2 similarly . . .

Find rn from the position of b0

Now, remove b0, and reverse the operation of inserting b0

( i.e. move A[r n+1] to A[rn]

A[rn+2] to A[rn+1]...

A[n-1] to A[n-2] )

Find where is b0

b0 must be in A[rn]

so we can know rn

63

Some examples of inserting bn-3

( Case 1 ) to A[2] ( Case 2 ) to A[1] ( Case 3 ) to A[0]

bn-2

bn-1

.

.

.

bn-2

bn-1

bn-3

.

.

.

bn-2

bn-1

.

.

.

bn-2

bn-3

bn-1

.

.

.

bn-2

bn-1

.

.

.

bn-3

bn-2

bn-1

.

.

.

A[0]

A[1]

A[2]

A[0]

A[1]

A[2]

A[0]

A[1]

A[2]

64


JPHS(http://linux01.gwdg.de/~alatham/stego.html)

JPHIDE & JPSEEK

A relatively new tool

Use the BlowFish symmetric cipher as thepseudo random number generator

Able to hide message in jpeg files (withparaphrase control)

Claimed that with a low insertion rate (say


17/27

65

E.g. on Steganographic Tools (4)wbStego (http://wbstego.wbailer.com/)

Text-based steganography for XML documentsThe text marked up the content using tags are called

XML documents, the structure of the XML documents

are defined in DTD files and the style is described in

XSL files.

66

XML

document

XMLdocument

stego data

embeddeddata

embeddeddata

embeddingcover data transmitting

XMLdocument

stego data

extracting

XSLT

DTD

processing

stego key stego key

Figure : Approach of Steganography in

XML document

67

Representation of empty elements

The representation of an empty element can be either a start

tag immediately followed by an end tag or an empty element

tag. By switching these two equivalent forms, we can embed

secret data without altering the content and validity of the

documents.

Take an example, if we use to represent a bit 0

while we use to represent a bit 1, the resulting

document after we insert a 01 message to it should be :

68

White spaces in tagsXML parser will ignore the space adding to adjacent side of the

element inside a tag. We can make use of this characteristic to

embed secret message and preserve the validity of the documents.

Take an example, we represent a bit 1 by adding a white space to

the element while adding no spaces is used to represent a bit 0.

We can represent the secret message 101100 010011 by (Can youfind it?) :

Alice

01

Bob

02


18/27

69

Appearing order of the elements

Take an example, we represent a bit 0 by put the element

in front of element , but we represent a bit 1 by

putting the element before of element . There thefollowing data is used to represent 01.

Alice

01

02Bob

70

Appearing order of the attributes

In XML, the order of attributes of an element does not have any

effect on the content and meaning of the documents. Using this

characteristic, we cab embed secret data in XML documents byexchanging the order of attributes.

Take an example, we have an element which has two

attributes day and month. If we put the day attribute in front of

the month attribute, this represents a bit 0; otherwise this

represents a bit 1. The following data is used to represent 10.

My birthday

New Year

71

Structure of elements

At some situations, two elements can contain another. Using

this characteristic, we can embed secret data in XML

documents.

Take an example, if we have two elements which are

and that can contain each other, we use

containing to represent a bit 0 while use

containing to represent a bit 1. We can embed 10 in a

XML document by changing its format to :

Orange

Apple

Robust watermarking

A robust technique should at least be able to

resist the attacks that cause distortions

smaller than a certain threshold beyond

which the watermarked digital content is

greatly degraded.

Resists both intentional and inadvertent

transformations

Capacity degrades as a smooth function of

the degradation of the marked content

72


19/27

73

A generic watermarking frameworkin media files

Some

transformation

Parameter

extraction

Media file

(big

message)

Hidden

message

A parameter

(e.g. a

correlation)

Inversetransformation

Parameter

modification

Modified

parameterParameter

insertion

Media file withwatermark

74

An Over-Simplified Idea Red Vs Blue to encode a bit (1/0)

A red picture is a 1

A blue picture is a 0

All other pictures are having no secret message

Improved version

Cut the picture into 25 grids

If the top-left grid is redder than others: a 1

If the top-left grid is bluer than others: a 0

All other situations means no secret message

75

Over-Simplified Idea (2) Another improved version

Cut the picture into 25 grids

Use Error-Correction-Code to store the secret bit in 5 (or anyother number) grids

Other improvements (which will evolve into a realsteganographic systems): Use other transformation parameters rather than Red/Blue

Increase the number of grids

Encode the bit into grids of different positions

Encode multiple bits

Add encryption

Idea: DCT Watermarking

Music has high frequency (H), medianfrequency (M), low frequency (L)

A section of music, with distortion at H, is stillrecognizable by listeners

Pictures also have H, M, L Roughly, rapid change of color is H

A picture with a distorted H is still readable

So, the H region is a good place to hidenumbers

76


20/27

DCT-based robust watermarking

Discrete Cosine Transform (DCT)

The 2D-DCT cannot only concentrate themain information of original image into thesmallest low-frequency coefficient, but also itcan cause the image blocking effect beingthe smallest, which can realize the goodcompromise between the informationcentralizing and the computing complication.

So it obtains the wide spreading applicationin the compression coding.

77

Discrete Cosine Transformation (DCT)

The DCT has become the standard method

for image compression Represents an image as a sum of sinusoids

of varying magnitudes and frequencies

typically the image is divided into 8x8 pixelblocks, where each block is transformed into64 transform coefficients

For most images, most of the visuallysignificant information about the image isconcentrated in just a few coefficients

78

79 80

data:0: 153 153 153 153 153 153 153 1531: 153 153 153 153 153 153 153 1532: 153 153 153 153 153 153 153 1533: 153 153 153 153 153 153 153 153

4: 153 153 153 153 153 153 153 1535: 153 153 153 153 153 153 153 1536: 153 153 153 153 153 153 153 1537: 153 153 153 153 153 153 153 153DCT:0: 200 0 0 0 0 0 0 01: 0 0 0 0 0 0 0 02: 0 0 0 0 0 0 0 03: 0 0 0 0 0 0 0 0

4: 0 0 0 0 0 0 0 05: 0 0 0 0 0 0 0 06: 0 0 0 0 0 0 0 07: 0 0 0 0 0 0 0 0

Examples of DCT


21/27

81

data:0: 135 108 157 93 163 99 148 1211: 135 108 157 93 163 99 148 1212: 135 108 157 93 163 99 148 121

3: 135 108 157 93 163 99 148 1214: 135 108 157 93 163 99 148 1215: 135 108 157 93 163 99 148 1216: 135 108 157 93 163 99 148 1217: 135 108 157 93 163 99 148 121

DCT:0: 0 0 0 0 0 0 0 2001: 0 0 0 0 0 0 0 0

2: 0 0 0 0 0 0 0 03: 0 0 0 0 0 0 0 04: 0 0 0 0 0 0 0 05: 0 0 0 0 0 0 0 06: 0 0 0 0 0 0 0 07: 0 0 0 0 0 0 0 0

Examples of DCT (cont.)

82

data:0: 135 135 135 135 135 135 135 1351: 108 108 108 108 108 108 108 1082: 157 157 157 157 157 157 157 157

3: 93 93 93 93 93 93 93 934: 163 163 163 163 163 163 163 1635: 99 99 99 99 99 99 99 996: 148 148 148 148 148 148 148 1487: 121 121 121 121 121 121 121 121

DCT:0: 0 0 0 0 0 0 0 01: 0 0 0 0 0 0 0 0

2: 0 0 0 0 0 0 0 03: 0 0 0 0 0 0 0 04: 0 0 0 0 0 0 0 05: 0 0 0 0 0 0 0 06: 0 0 0 0 0 0 0 07: 200 0 0 0 0 0 0 0

Examples of DCT (cont.)

Watermark embedding

Cox et al asserted that in order for a

watermark to be robust, it need to be

placed in the most significant part of the

image.

the watermark will be composed of

random numbers drawn from a Gaussian

distribution N(0,1) distribution

83

Watermark embedding

General procedure

1.Applying frequency transformation to the data.

2.Computing perceptual mask to highlight themost significant regions in the spectrum that cansupport the watermark without affecting theimage fidelity (V).

3. Inserting the watermark to the image.

4. Inverse DCT

84


22/27

85

Watermark embedding

Watermark Structure

A watermark consists of a sequence of real

numbers W= 12K

where each value i is chosen independently

according to the Gaussian distribution N(0,1).

86

Step 1 - Compute 2-D DCT of image

Step 2 Locate Klargest coefficients,c1, c2, , cK Step 3 - Embed watermark into the K

largest DCT coefficients using:

ci = ci * (1 + i), = 0.1

Step 4 - Convert the inverse DCT of theresults from step 3

Watermark embedding

87 88

Insertion

TheN1blockof64quantizedcoefficients

0

4 1 1

E.g. of Watermark embedding


23/27

Q: Why Klargest coefficients are selected?

A: issmall,reducedvisibility

Watermark embedding

Watermarksareembeddedinmultiplefrequency

componentswithspatialimpactovertheentire

image

Attackstendtodegradeimage

89

Step 1 - Compute 2-D DCT of image in question

Step 2 - Extract KDCT coefficients from same positionsas insertion, c1, c2, ..., cK

Step 3 - Compute watermark using:

i = ci - ci 1


24/27

If the true owner have signed the image

with a watermark first, and also hid awaythe original image and only released thewatermarked version to the public.

In this case since Bob must havewatermarked the image after her, she canprove her ownership by showing her

original image that she owns and it doesnot have Bobs watermark embedded.

Problem (cont.)

93

If some doubt canbe created about

the true originalimage, byfabricating anoriginal, the trueowner of the imagecannot bedetermined bywatermarking

alone. Inverse watermark

calculation

Problem (cont.)

94

References

[1] Kai Wang, etc. A Comprehensive

Survey on Three-Dimensional Mesh

Watermarking, IEEE TRANSACTIONS

ON MULTIMEDIA, 10(8), pp: 1513-1527,

2008

[2] Abbas Cheddad, etc. Digital image

steganography: Survey and analysis of

current methods, Signal Processing,90(3), pp: 727-752, 2010

95 96

Attacks on Steganography Technical classification (like cryptographic attacks)

File (the message with hidden secret) only attack

File and original copy attack

Multiple encoded file attack

File + algorithm attack Destroy everything attack

Random tweaking attack

Adding new information to files

Reformat attack

Compression attack

Special attacks: e.g. Mosiac attack on pictures

Question: How to destroy a hidden message storedusing the gifshuffle software?

A f k


25/27

Example of attacks (in 3D case)

Original mesh and four examples of attacked meshes:

(a) original Rabbit mesh; (b) random noise addition; (c)smoothing; (d) cropping; (e) simplification.

97 98

A more concept framework 3 main approaches

(the hacker) adds additional watermark to the file,

to make the original watermark unrecognizable

Perform transformation to file (e.g. rotation,

reformatting, re-sizing to photos) to destroy the

watermark

Find multiple files (with different watermarks), by

comparing them, find the knowledge of

watermark, and remove it

Destroying the watermark (to avoid the trace) iseasier, to extract it is more difficult

99

Practical attack method e.g. 1

StirMark

(http://www.cl.cam.ac.uk/~mgk25/stirmark.html)

A generic tool to test robustness of image

watermarking algorithms

To the image, StirMark applies same kinds of

errors into the image, including stretch, shift,

rotate, etc., then use scanning process to

reconstruct the image

Many commercial watermarking algorithms

failed this test

100

Practical attack method e.g. 2

Mosaic attack (a special purposeattack)

Given a picture P with watermark

Cut P into small rectangles

Write a web page, whichassembles all rectangles into theoriginal picture

Check for watermark is notpossible due to the small size ofeach rectangle

Mainly used to act against web

crawlers that patrols the Internet tofind pictures with a certainwatermark.

C t h l l


26/27

101

An extension : Covert channel

A Hacking case, we are the hackers

Assume that we:

Have planted a root privilege process R in thevictim system V

Able to start a user process U in V as well

R can still an important information, a 4-bit

secret (e.g. 1011) from Vs protected memory

We want R to send this 4-bit secret to U, (& later

let U to send it out)

We want a memory only solution!!

102

Covert channel example

V (victim)

R

U

PublicNewsgroup

103

To steal the 1011 bit sequence

R creates a new root-privilege process R* (say using

fork)

R* repeatedly do the following forever:

R* sleep for 4 seconds

If the 1st bit is 1, R* runs for 0.5 sec (say repeatedly

assign zero to a variable), then sleeps for 0.5

second. But if the 1st bit is 0, R* sleeps for 1 sec

If the 2nd bit is 1, R* runs for 0.5 sec then sleeps for

0.5 second. But if the 2nd bit is 0, R* sleeps for 1 sec

If the 3rd bit is 1, R* runs for 0.5 sec then sleeps for

0.5 second. But if the 3rd bit is 0, R* sleeps for 1 sec

If the 4th bit is 1, R* runs for 0.5 sec then sleeps for

0.5 second. But if the 4th bit is 0, R* sleeps for 1 sec104

What U do U uses some process monitoring command (e.g. ps in

Unix) to monitor the root-privileged process in every 0.1

sec interval

If after some time, U discovers a process with the

strange execution timing as described in the previousslide, U can extract the 4-bit sequence

It is a slow, workable, and hard to detect method

Can be combined with other techniques. For example

the secret is a system message box handle, so R &

U can communicate further in passing memory)

The secret is a key to decrypt a file in /tmp directory

Di i Q ti


27/27

105

user area in O.S. U listen to system area

protected area in O.S. R R* (says 1011)

Time

scale

state of R*

Running/runnable

sleep

Time

forks

Discussion Question

Are there any use to put watermarks incompany documents?

By using Visible watermark

By using Fragile watermark

By using Robust watermark

106