fundamentals of ecommerce security (3)
TRANSCRIPT
-
8/6/2019 Fundamentals of eCommerce Security (3)
1/27
1
ECOM 6031
Fundamentals of e-Commerce
Security
(Dr KP Chow, Dr Lucas Hui)
Lecture 3:
Protecting Documents and Content
Dr Lucas Hui
(CYC307, 28592190, [email protected])2
Content
Case of PKI business
Review of Cryptography
Review of Steganography
Comparing Cryptography and Steganography
Cases of Watermarking
Visible watermarking
Fragile watermarking
Robust watermarking (DCT)
Content Copyright protection (next batch of note)
CSS Case Review of Broadcast encryption
HDCP Case
Software Copyright Protection
Discussion Question
Given the known hacking techniques in Lecture1 and 2 (buffer overflow, CSRF, etc)
What kind of company data you can allow your
employee to access the company Intranetthrough ____ ?1. at office
2. at home using a fixed PC
3. at home using a laptop
4. at an oversea cyber-caf using a laptop
Can you suggest some protection strategy that
can make you feel safe? Is SSL / VPN (Virtual Private Network) enough?
3 4
Case of PKI business
Certification Authorities (CA) are big organizations
E.g. Verisign (the first CA in the world)
CA earns money by selling:
Private key and Public Key Key-pairs
Private key may be sold in special hardware
Public key are stored In the form of a Public KeyCertificate
Informally, some people say a CA sells Public KeyCertificates
What kinds of PKC (Public Key Certificate) are popular?
-
8/6/2019 Fundamentals of eCommerce Security (3)
2/27
-
8/6/2019 Fundamentals of eCommerce Security (3)
3/27
9
Symmetric Encryption
This is a
letter
K (enc/dec key)
X%*e1kI
4
Thomas:
Encrypt
K
This is a
letter
Peter:X%*e1kI
4 Decrypt
Authenticity: Peter knows the cipher is come from Thomas (Thomas has K)
Confidentiality: Peter knows the cipher cannot be seen by others (Only Peter
and Thomas have K)
No non-repudiation property
10
Hash Value
A.k.a. Integrity check value, message digest (MD)
An integrity check-value (of a message) is a fixed sizedata item where its content is depending on ALL bits of
that message An specific algorithm is used to produce this check-value
from a message. This algorithm can be keyless (D=H(M))
Same message gives the same check-value
When some bits in message is modified/added/deleted,the check-value would be different. Thus able to checkintegrity
Mathematically: Given D, it is extremely difficult to find M1
such that H(M1)=D. Given M and D, it is extremely difficult to find M1, suchthat M1 and M differs by a few bits and H(M1) = D
It is extremely difficult to find M1 and M2 such thatH(M1) = H(M2)
11
Hash functions
Message 1 Hash
Value 1
Fixed size (e.g.
160 bits)
Hash
Value 2
Hash
Fcn
Hash
FcnMessage 2
12
Integrity check process
A wants to send M to B
A computes D=H(M), and sends M,D to B
B receives M, D, and computes D=H(M) If D = D, then M and D are not tampered
M can also be transmitted in encrypted mode
H( ) is known as hash function, or one-way function
Popular hash functions are :
MD5 (128 bits)
SHA-1 (160 bits)
-
8/6/2019 Fundamentals of eCommerce Security (3)
4/27
-
8/6/2019 Fundamentals of eCommerce Security (3)
5/27
17
Relationship with CA
18
Use of Data Encryption(Confidentiality, but no authenticity)
19
Authentication using digital signature
Usually comes with challenge-response protocol
A wants to prove its identity to B
B sends A a message (usually with some random
content, some timing content) A uses its private key to sign on the message,
creating a digital signature
A sends the digital signature to B (usually as asigned message)
B verifies the digital signature, and authenticates A
Non-repudiation property: B can keep the digital
signature as evidence that A had been talking to B. More accurate: the owner of As private key had
been talking to B20
Use of Digital Signature(authenticity, non-repudiation, but no confidentiality)
-
8/6/2019 Fundamentals of eCommerce Security (3)
6/27
21
Short Review of Signed Applet
CA provides its root certificate to the browsers
The XYZ company wants to provide signed applets tocustomers
XYZ will buy a Public Key Certificate (and of course thecorresponding private key) from the CA
When a customer of XYZ, say John, gets a signedapplet (call it J1) from web server of XYZ XYZ will send its PKC to Johns browser
Using CAs root cert, and Johns PKC, Johns browser will findXYZ public key value, say v1.
Johns browser will use v1 to verify the correctness of the digital
signature of J1 If J1 is properly signed by XYZ private key, Johns browser will
execute J1.
Business of PKC (signed Applet case)
Browser
Root Cert -
cert. of BigBrother
(CA)
Server (S1) S1 has a Cert of
S1, issued by Big
Brother B1
B1
B1 is my
customer,
Trust him!
22
Signed
Applet
PKC
of S1
S1 has a
private key,
set up by CA
23
Short Review of Signed e-Doc
CA provides its root certificate to the browsers
The XYZ company wants to provide signed e-Doc tocustomers XYZ will buy a Public Key Certificate (and of course the
corresponding private key) from the CA When a customer of XYZ, say John, gets a signed e-
Doc (call it D1) from XYZ XYZ will send its PKC to Johns computer
Using CAs root cert, and Johns PKC, Johns browser will findXYZ public key value, say v1.
Johns computer will use v1 to verify the correctness of thedigital signature of D1
If D1 is properly signed by XYZ private key, Johns computer
will accept D1 is a properly signed e-Doc from XYZ.
Discussion Questions
Can a company, which stores a lot of electronicdocuments, files, web pages, etc, be able to getrid of all PKI technology?
Any advantages of doing so? Any disadvantages of doing so?
How can a company prove to a third-party thatan electronic document is really created 30years ago?
24
-
8/6/2019 Fundamentals of eCommerce Security (3)
7/27
25
Review of Steganography
Hiding info (small message) in a bigger message (e.g.microdot technology, invisible ink, pin punctures)
The smaller the ratio of size of hidden info / size ofthe big message, the more difficult for the hiddenmessage to be detected by outsiders withoutknowledge of the steganographic process.
Not exactly encryption, but modern steganographic toolscan also include encryption as a component
One application: watermarking for copyright protection
26
Steganography (2)
One Drawback : needs a lot of bits to encode asmall message
But now, the storage are there!! E.g. Kodak Photo CD
max. resolution 2048x3072 pixel (only 6M pixels)
each pixel 24 bits RGB color info
use least significant bit of each color to encodeinfo
hide 2.25 megabyte in one digital snapshot
27
SimpleSteganographye.g.
Dear George,
Greetings to all at Oxford. Many thanks for your
letter and for the summer examination package.
All Entry Forms and Fees Forms should be
ready
for final despatch to the syndicate by Friday
20th or at the very latest, Im told, by the 21st.
Admin has improved here, though theres room
for improvement still; just give us all two or three
more years and well really show you! Please
dont let these wretched 16+ proposals destroy
your basic O and A pattern. Certainly this
sort of change, if implemented immediately,would bring chaos,
Sincerely yours,
(Source : The Silent
World of Nicholas
Quinn, by Colin
Dexter)
28
A ChineseExample
What is the secret
message?
-
8/6/2019 Fundamentals of eCommerce Security (3)
8/27
29
Ancient Spartan MethodWhat is the secret message?
30
Secret Communication example
case Two terrorists (A & B) using a newsgroup
newsgroup
A B(1) A hides please
bring machine
gun in a photo
(2) A posts the
photo to the
newsgroup
(3) B extracts
the message
(4) B hides the
reply to the 2nd
photo
(5) B posts the
2nd photo to
newsgroup
31
The secret key
is 14234
Modern Simple Idea Question: what is hidden inside this diagram?
Internet
32
Other simple ideas Comments in HTML documents
Flipping of [,] and [;] in a document
White Space characters
File name of a temporary file (e.g tmp14357.txt)
File protection status of a special file E.g. in Unix: -r-xrwx-w- is an unusual setting
Plenty of opportunities Due to the extensive use of computer (diversity
in software used)
Unavoidably :
more favorable to subjectsperforming secret communication
-
8/6/2019 Fundamentals of eCommerce Security (3)
9/27
33
Steganography Vs Cryptography
Steganography
The science of Covered Writing Cryptography
The science of Secret Writing
34
Steganography Vs Cryptography
Writing process
secret
Hiding
methodBig Message
Big Messagewith secret
secret
Encryption key
Encryption
method cipher
Steg:
Cryp:
35
Steganography Vs Cryptography (2)
Reading process
secret
Extracting
method
Big Message
with secret
secret
Decryption key
Decryption
method cipher
Steg:
Cryp:
36
Steganography Vs Cryptography (3)
Strength of steganography
the hiding method is not known by others
Strength of cryptography
The encryption method can be known by
others
The key should not be known by others
The key length should be long enough to
stand against exhaustive search
-
8/6/2019 Fundamentals of eCommerce Security (3)
10/27
37
Combining Steganography &
CryptographyWriting process
Hiding
method
Big Message
Big Messagewith cipher
cipher
secret
Encryption key
Encryption
method
38
Combining Steganography &
Cryptography (2)Reading process
Extracting
method
Big Messagewith cipher
cipher
secret
Decryption key
Decryption
method
39
Abstract list of related techniques
Hide the information as
Some noise in another object (e.g. color
variation in photos, sound files, video clips)
The order of a list of randomly-ordered
items (e.g. supermarket receipts)
Random numbers that appear naturally in
an object (e.g. the random scars on the
skin of a monster in a computer game
picture)
40
Abstract list of related techniques (2)
Spread out the information:
One bit of information is diffused into
several bits first, before the hiding process.
In elaborated term: the split information
can be transmitted into several different
messages (say, any 5 of the 7 transmitted
messages can reconstruct the secret)
[Secret sharing]
-
8/6/2019 Fundamentals of eCommerce Security (3)
11/27
41
Abstract list of related techniques (3)
Adopt a statistical profile (e.g. generating random
English words that preserve the letter count statistic)
Not so important in modern Internet world (thereare too many data that are random in nature, e.g.
message id, a piece of cloud in a diagram)
Adopt a structural profile (e.g. reconstructing the
sentence grammar structure, and replacing a
verb/noun with similar meaning).
can Vs be able to
copy Vs make a copy of
Hiding the source of a message (to achieve
anonymity, so as to avoid the suspicion of having
hidden messages) 42
Goals of steganography Escaping inspection of human users
Store in photos, or the previous simple examples
Reinforcing the concept of copyright protection Discourage e-doc users to perform illegal copying
(Variant forms)
Escaping inspection of automatic
computing filters To ensure human being (in web registration process)
In SPAM email subjects, to avoid filtering
Ref:
http://captchas.net/
http://paul.luminos.nl/documents/show_document.php?d=316
Just carrier of extra messages Extra data fields without changing older systems
43
Usage of steganography Secret communication
Commercial reason
Political reason
Personal privacy reason Criminal offense
Downward compatibility of data structures. E.g.:
A data structure for photos is used in manyapplications
Some new applications require an extra featureto be transmitted
If this new feature is transmitted viasteganography, all old software/system need notbe changed
44
Usage of steganography (2)
Storing watermarks for copyright protection
of digital contents
The secret message is the serial number, of
some ID of the buyers Strong watermarks : those that are not easily
destroyed. Mainly for tracking the e-document
flow
Weak watermarks: those that can be destroyed
easily (say by photocopying).
E-document authentication (e.g. storing thedigital signature of the authors)
-
8/6/2019 Fundamentals of eCommerce Security (3)
12/27
Cases of Digital Watermarking
Visible watermark
Not a steganographic technique.
Just a way to put a mark in a picture
Fragile watermark
It is not detectable after the slightest modification
Commonly used for tamper detection (integrity proof)
Called semi-fragile if it resists benign transformation,
but fails detection after malignant transformation
Robust watermark Resists a lot of transformation
45
Visible watermark The information embedded as a watermark
can be almost anything. It can be a bit
string representing copyright message,
serial number, plain text, etc.
Sometimes it can be more useful to embed
a visual watermark (e.g. corporate logo)
instead of a bit string as a watermark.
46
Example of 8*8 visual
watermark
47
Eg. Of Visible Watermark
Source:
Web site of the uMark Software
http://www.uconomix.com/Products/uMark/Def
ault.aspx
48
-
8/6/2019 Fundamentals of eCommerce Security (3)
13/27
Fragile watermarking
A fragile technique often has to possess
two features:
it should be vulnerable to even very slight
modifications of the watermarked asset;
and it should be capable of locating, or even
identifying the endured attacks.
49 50
Using Pictures to store secret Modern Digital pictures has a lot of pixels.
Each pixel are represented by some bits (e.g. a pixel isrepresented as three 8-bit numbers, denoting the level
of Red, Green, Blue color) The lsb (least significant bit) of each 8-bit number has
minimal effect on the color of that pixel
Concept: use the lsb of each color to store the secret
Example
secret is 101100 (a 6-bit secret)
Use some scheme to select 2 pixels in a picture
For the first pixel, set the lsb of Red color to 1, lsbof Green color to 0, lsb of Blue color to 1.
For the second pixel, set the lsb of Red color to 1,lsb of Green color to 0, lsb of Blue color to 0.
51
RGB A picture with 20 pixels (in RGB form)
10110011 01101010 00110101
Blue color value
Green color value
Red color value
Lsb used to
store secret
message
52
Modern watermarking system framework
Let T be the steganographic tool that uses
pictures as storage media
Assume
The hidden message is H The picture used to store H is PIC
T uses a pseudo random number generator (a
program that can generate a sequence of
numbers that looked like random, when supplied
with a number called a seed)
-
8/6/2019 Fundamentals of eCommerce Security (3)
14/27
53
To store hidden message using T
User chooses a paraphrase, say I love you
T transforms I love you to a seed, and use the
pseudo random number generator to generatea set of random positions in PIC (call this set S)
Construct an error-correction code
representation of H (called it H*)
Put the bits of H* as least significant bit in
positions of PIC (determined by S)
54
To get hidden message using T
User (the one who want to read H) provides the
same paraphrase, (I love you).
T transforms I love you to a seed, and use thepseudo random number generator to generate
a set of random positions in PIC (call this set S)
Extract H* from the l.s.b. positions determined
by S
Extract H from H* (this works even if some
errors exist)
55
Properties There is small change of picture quality
Design principle: only modify the color of a pixel
slightly
A larger picture has more choices of pixel positions
to store the secret (and the secret can be longer)
Modification of the picture might destroy the secret
(watermark)
To store a longer secret message, you may need to
modify bits other than lsb. Picture may be distorted
Many picture formats are not storing the RGB
values directly. So variations of the mentioned
technique are needed.
56
E.g. on Steganographic Tools (1)
Stego (www.stego.com)
Storing the secret at the lsb of pixels (in a GIF image)
GIF using a palette, with each entry stores the RGB
values
Each pixel stores an index to a palette entry. The color
of the pixel is the color of that entry
Use the lsb of the index in a pixel to store the secret
Key step:
Sort the palette, according to an order of colors such
that neighboring palette entries store very similar
colors (details of this order is not discussed). After the above step, changing the lsb of each pixels
index will not change the color a lot.
-
8/6/2019 Fundamentals of eCommerce Security (3)
15/27
57
GIF image (20 pixels) with
palette
10110011 01101010 00110101index value (lsb is used to
store secret in stego)
palette
01101101
index
01101101
00000000
00000001
01101100
58
E.g. on Steganographic Tools (2)
Gifshuffle (www.darkside.com.au/gifshuffle/)
Also play with the palette structure of GIF images
(Key point 1) Gifshuffle recognized a special order of
the colors. Given a picture, it sort the palette accordingto that order
Assume there are n different colors in the palette
The n! different permutation of the colors can be usedto represent a number from 1 to n!.
(Key point 2) Thus, a secret with at most log2(n!) bitscan be stored as a special permutation of the palettecolors.
This scheme will not change the quality of the image!!!(same set of colors are used, the only difference is theorder in the palette)
59
m = a number from 0 to n!-1
n = size of an array of balls
Put balls b0, b1, b2, bn-1 into the array A[0], A[1], A[n-1]
such that the permutation encodes the number m
bn-1 is placed in A[0]
bn-2 is placed in A[0] or A[1]
bn-3 is placed in A[0], or A[1], or A[2]
bn-4 is placed in A[ j ], where j is an integer from 0, 1, 2, 3
. . .bn-i is placed in A[ j ], where j is an integer from 0, 1, i-1
. . .
b2
is placed in A[ j ], where j is an integer from 0, 1, n-3
b1 is placed in A[ j ], where j is an integer from 0, 1, n-2
b0 is placed in A[ j ], where j is an integer from 0, 1, n-1
Idea ( 1 ) : Put in the order of bn-1, bn-2, b2, b1, b0
Putting n balls in array A [ 0, n-1 ]
How to use a
permutation (of items) torepresent a number?
60
Idea ( 2 ) : Consider all the sequence of number m = m0, m1, mnm0 = m
mod 1
mod 2
div 1
m1
m2
m3
mn-3
mn-2
mn-1
mn = 0 rn
rn-1
rn-2
r3
mod 3
0 = r1
div 2
div 3
div n-2 mod n-2
mod n-1div n-1
( must be 0,
why? )
r2
mod ndiv n
( encode r1 by putting bn-1 )
( encode r2 by putting bn-2 )
( encode r3 by putting bn-3 )
( encode rn-1 by putting b1 )
( encode rn by putting b0 )
r1
, r2
r3
, rn-2
, rn-1
, rn
are three we want to encode
Example [ try n = 3, m = 3!-1 =5 ]
-
8/6/2019 Fundamentals of eCommerce Security (3)
16/27
61
Procedure to Encode ri ( a number from 0 to i-1 ) by putting bn-i
The algorithm
int m ( m = m0 at the beginning )
for i = 1, 2, 3, n
{ Calculate ri = m mod i ;
Calculate m = m div i ;
Encode ri by putting bn-i }
( Note : ( 1 ) bn-1 is supposed to be placed in the entry A[ri]
( 2 ) the array entry A[0], A[1], A[i-2] are occupied
( 3 ) A[i-1] is empty )
If ri = i-1, { put bn-1 in A[ri] }
else { move the ball in A[i-2] to A[i-1] ;move the ball in A[i-3] to A[i-2] ;
. . . move the ball in A[ri] to A[ri+1] ;put bn-i in A[ri] }
62
After finding rn, rn-1, rn-2, r2, r1, r0, compute m accordingly
To get back the value of m from the permutation array
Find rn-1 from b1 similarly
Find rn-2 from b2 similarly . . .
Find rn from the position of b0
Now, remove b0, and reverse the operation of inserting b0
( i.e. move A[r n+1] to A[rn]
A[rn+2] to A[rn+1]...
A[n-1] to A[n-2] )
Find where is b0
b0 must be in A[rn]
so we can know rn
63
Some examples of inserting bn-3
( Case 1 ) to A[2] ( Case 2 ) to A[1] ( Case 3 ) to A[0]
bn-2
bn-1
.
.
.
bn-2
bn-1
bn-3
.
.
.
bn-2
bn-1
.
.
.
bn-2
bn-3
bn-1
.
.
.
bn-2
bn-1
.
.
.
bn-3
bn-2
bn-1
.
.
.
A[0]
A[1]
A[2]
A[0]
A[1]
A[2]
A[0]
A[1]
A[2]
64
E.g. on Steganographic Tools (3)
JPHS(http://linux01.gwdg.de/~alatham/stego.html)
JPHIDE & JPSEEK
A relatively new tool
Use the BlowFish symmetric cipher as thepseudo random number generator
Able to hide message in jpeg files (withparaphrase control)
Claimed that with a low insertion rate (say
-
8/6/2019 Fundamentals of eCommerce Security (3)
17/27
65
E.g. on Steganographic Tools (4)wbStego (http://wbstego.wbailer.com/)
Text-based steganography for XML documentsThe text marked up the content using tags are called
XML documents, the structure of the XML documents
are defined in DTD files and the style is described in
XSL files.
66
XML
document
XMLdocument
stego data
embeddeddata
embeddeddata
embeddingcover data transmitting
XMLdocument
stego data
extracting
XSLT
DTD
processing
stego key stego key
Figure : Approach of Steganography in
XML document
67
Representation of empty elements
The representation of an empty element can be either a start
tag immediately followed by an end tag or an empty element
tag. By switching these two equivalent forms, we can embed
secret data without altering the content and validity of the
documents.
Take an example, if we use to represent a bit 0
while we use to represent a bit 1, the resulting
document after we insert a 01 message to it should be :
68
White spaces in tagsXML parser will ignore the space adding to adjacent side of the
element inside a tag. We can make use of this characteristic to
embed secret message and preserve the validity of the documents.
Take an example, we represent a bit 1 by adding a white space to
the element while adding no spaces is used to represent a bit 0.
We can represent the secret message 101100 010011 by (Can youfind it?) :
Alice
01
Bob
02
-
8/6/2019 Fundamentals of eCommerce Security (3)
18/27
69
Appearing order of the elements
Take an example, we represent a bit 0 by put the element
in front of element , but we represent a bit 1 by
putting the element before of element . There thefollowing data is used to represent 01.
Alice
01
02Bob
70
Appearing order of the attributes
In XML, the order of attributes of an element does not have any
effect on the content and meaning of the documents. Using this
characteristic, we cab embed secret data in XML documents byexchanging the order of attributes.
Take an example, we have an element which has two
attributes day and month. If we put the day attribute in front of
the month attribute, this represents a bit 0; otherwise this
represents a bit 1. The following data is used to represent 10.
My birthday
New Year
71
Structure of elements
At some situations, two elements can contain another. Using
this characteristic, we can embed secret data in XML
documents.
Take an example, if we have two elements which are
and that can contain each other, we use
containing to represent a bit 0 while use
containing to represent a bit 1. We can embed 10 in a
XML document by changing its format to :
Orange
Apple
Robust watermarking
A robust technique should at least be able to
resist the attacks that cause distortions
smaller than a certain threshold beyond
which the watermarked digital content is
greatly degraded.
Resists both intentional and inadvertent
transformations
Capacity degrades as a smooth function of
the degradation of the marked content
72
-
8/6/2019 Fundamentals of eCommerce Security (3)
19/27
73
A generic watermarking frameworkin media files
Some
transformation
Parameter
extraction
Media file
(big
message)
Hidden
message
A parameter
(e.g. a
correlation)
Inversetransformation
Parameter
modification
Modified
parameterParameter
insertion
Media file withwatermark
74
An Over-Simplified Idea Red Vs Blue to encode a bit (1/0)
A red picture is a 1
A blue picture is a 0
All other pictures are having no secret message
Improved version
Cut the picture into 25 grids
If the top-left grid is redder than others: a 1
If the top-left grid is bluer than others: a 0
All other situations means no secret message
75
Over-Simplified Idea (2) Another improved version
Cut the picture into 25 grids
Use Error-Correction-Code to store the secret bit in 5 (or anyother number) grids
Other improvements (which will evolve into a realsteganographic systems): Use other transformation parameters rather than Red/Blue
Increase the number of grids
Encode the bit into grids of different positions
Encode multiple bits
Add encryption
Idea: DCT Watermarking
Music has high frequency (H), medianfrequency (M), low frequency (L)
A section of music, with distortion at H, is stillrecognizable by listeners
Pictures also have H, M, L Roughly, rapid change of color is H
A picture with a distorted H is still readable
So, the H region is a good place to hidenumbers
76
-
8/6/2019 Fundamentals of eCommerce Security (3)
20/27
DCT-based robust watermarking
Discrete Cosine Transform (DCT)
The 2D-DCT cannot only concentrate themain information of original image into thesmallest low-frequency coefficient, but also itcan cause the image blocking effect beingthe smallest, which can realize the goodcompromise between the informationcentralizing and the computing complication.
So it obtains the wide spreading applicationin the compression coding.
77
Discrete Cosine Transformation (DCT)
The DCT has become the standard method
for image compression Represents an image as a sum of sinusoids
of varying magnitudes and frequencies
typically the image is divided into 8x8 pixelblocks, where each block is transformed into64 transform coefficients
For most images, most of the visuallysignificant information about the image isconcentrated in just a few coefficients
78
79 80
data:0: 153 153 153 153 153 153 153 1531: 153 153 153 153 153 153 153 1532: 153 153 153 153 153 153 153 1533: 153 153 153 153 153 153 153 153
4: 153 153 153 153 153 153 153 1535: 153 153 153 153 153 153 153 1536: 153 153 153 153 153 153 153 1537: 153 153 153 153 153 153 153 153DCT:0: 200 0 0 0 0 0 0 01: 0 0 0 0 0 0 0 02: 0 0 0 0 0 0 0 03: 0 0 0 0 0 0 0 0
4: 0 0 0 0 0 0 0 05: 0 0 0 0 0 0 0 06: 0 0 0 0 0 0 0 07: 0 0 0 0 0 0 0 0
Examples of DCT
-
8/6/2019 Fundamentals of eCommerce Security (3)
21/27
81
data:0: 135 108 157 93 163 99 148 1211: 135 108 157 93 163 99 148 1212: 135 108 157 93 163 99 148 121
3: 135 108 157 93 163 99 148 1214: 135 108 157 93 163 99 148 1215: 135 108 157 93 163 99 148 1216: 135 108 157 93 163 99 148 1217: 135 108 157 93 163 99 148 121
DCT:0: 0 0 0 0 0 0 0 2001: 0 0 0 0 0 0 0 0
2: 0 0 0 0 0 0 0 03: 0 0 0 0 0 0 0 04: 0 0 0 0 0 0 0 05: 0 0 0 0 0 0 0 06: 0 0 0 0 0 0 0 07: 0 0 0 0 0 0 0 0
Examples of DCT (cont.)
82
data:0: 135 135 135 135 135 135 135 1351: 108 108 108 108 108 108 108 1082: 157 157 157 157 157 157 157 157
3: 93 93 93 93 93 93 93 934: 163 163 163 163 163 163 163 1635: 99 99 99 99 99 99 99 996: 148 148 148 148 148 148 148 1487: 121 121 121 121 121 121 121 121
DCT:0: 0 0 0 0 0 0 0 01: 0 0 0 0 0 0 0 0
2: 0 0 0 0 0 0 0 03: 0 0 0 0 0 0 0 04: 0 0 0 0 0 0 0 05: 0 0 0 0 0 0 0 06: 0 0 0 0 0 0 0 07: 200 0 0 0 0 0 0 0
Examples of DCT (cont.)
Watermark embedding
Cox et al asserted that in order for a
watermark to be robust, it need to be
placed in the most significant part of the
image.
the watermark will be composed of
random numbers drawn from a Gaussian
distribution N(0,1) distribution
83
Watermark embedding
General procedure
1.Applying frequency transformation to the data.
2.Computing perceptual mask to highlight themost significant regions in the spectrum that cansupport the watermark without affecting theimage fidelity (V).
3. Inserting the watermark to the image.
4. Inverse DCT
84
-
8/6/2019 Fundamentals of eCommerce Security (3)
22/27
85
Watermark embedding
Watermark Structure
A watermark consists of a sequence of real
numbers W= 12K
where each value i is chosen independently
according to the Gaussian distribution N(0,1).
86
Step 1 - Compute 2-D DCT of image
Step 2 Locate Klargest coefficients,c1, c2, , cK Step 3 - Embed watermark into the K
largest DCT coefficients using:
ci = ci * (1 + i), = 0.1
Step 4 - Convert the inverse DCT of theresults from step 3
Watermark embedding
87 88
Insertion
TheN1blockof64quantizedcoefficients
0
4 1 1
E.g. of Watermark embedding
-
8/6/2019 Fundamentals of eCommerce Security (3)
23/27
Q: Why Klargest coefficients are selected?
A: issmall,reducedvisibility
Watermark embedding
Watermarksareembeddedinmultiplefrequency
componentswithspatialimpactovertheentire
image
Attackstendtodegradeimage
89
Step 1 - Compute 2-D DCT of image in question
Step 2 - Extract KDCT coefficients from same positionsas insertion, c1, c2, ..., cK
Step 3 - Compute watermark using:
i = ci - ci 1
-
8/6/2019 Fundamentals of eCommerce Security (3)
24/27
If the true owner have signed the image
with a watermark first, and also hid awaythe original image and only released thewatermarked version to the public.
In this case since Bob must havewatermarked the image after her, she canprove her ownership by showing her
original image that she owns and it doesnot have Bobs watermark embedded.
Problem (cont.)
93
If some doubt canbe created about
the true originalimage, byfabricating anoriginal, the trueowner of the imagecannot bedetermined bywatermarking
alone. Inverse watermark
calculation
Problem (cont.)
94
References
[1] Kai Wang, etc. A Comprehensive
Survey on Three-Dimensional Mesh
Watermarking, IEEE TRANSACTIONS
ON MULTIMEDIA, 10(8), pp: 1513-1527,
2008
[2] Abbas Cheddad, etc. Digital image
steganography: Survey and analysis of
current methods, Signal Processing,90(3), pp: 727-752, 2010
95 96
Attacks on Steganography Technical classification (like cryptographic attacks)
File (the message with hidden secret) only attack
File and original copy attack
Multiple encoded file attack
File + algorithm attack Destroy everything attack
Random tweaking attack
Adding new information to files
Reformat attack
Compression attack
Special attacks: e.g. Mosiac attack on pictures
Question: How to destroy a hidden message storedusing the gifshuffle software?
A f k
-
8/6/2019 Fundamentals of eCommerce Security (3)
25/27
Example of attacks (in 3D case)
Original mesh and four examples of attacked meshes:
(a) original Rabbit mesh; (b) random noise addition; (c)smoothing; (d) cropping; (e) simplification.
97 98
A more concept framework 3 main approaches
(the hacker) adds additional watermark to the file,
to make the original watermark unrecognizable
Perform transformation to file (e.g. rotation,
reformatting, re-sizing to photos) to destroy the
watermark
Find multiple files (with different watermarks), by
comparing them, find the knowledge of
watermark, and remove it
Destroying the watermark (to avoid the trace) iseasier, to extract it is more difficult
99
Practical attack method e.g. 1
StirMark
(http://www.cl.cam.ac.uk/~mgk25/stirmark.html)
A generic tool to test robustness of image
watermarking algorithms
To the image, StirMark applies same kinds of
errors into the image, including stretch, shift,
rotate, etc., then use scanning process to
reconstruct the image
Many commercial watermarking algorithms
failed this test
100
Practical attack method e.g. 2
Mosaic attack (a special purposeattack)
Given a picture P with watermark
Cut P into small rectangles
Write a web page, whichassembles all rectangles into theoriginal picture
Check for watermark is notpossible due to the small size ofeach rectangle
Mainly used to act against web
crawlers that patrols the Internet tofind pictures with a certainwatermark.
C t h l l
-
8/6/2019 Fundamentals of eCommerce Security (3)
26/27
101
An extension : Covert channel
A Hacking case, we are the hackers
Assume that we:
Have planted a root privilege process R in thevictim system V
Able to start a user process U in V as well
R can still an important information, a 4-bit
secret (e.g. 1011) from Vs protected memory
We want R to send this 4-bit secret to U, (& later
let U to send it out)
We want a memory only solution!!
102
Covert channel example
V (victim)
R
U
PublicNewsgroup
103
To steal the 1011 bit sequence
R creates a new root-privilege process R* (say using
fork)
R* repeatedly do the following forever:
R* sleep for 4 seconds
If the 1st bit is 1, R* runs for 0.5 sec (say repeatedly
assign zero to a variable), then sleeps for 0.5
second. But if the 1st bit is 0, R* sleeps for 1 sec
If the 2nd bit is 1, R* runs for 0.5 sec then sleeps for
0.5 second. But if the 2nd bit is 0, R* sleeps for 1 sec
If the 3rd bit is 1, R* runs for 0.5 sec then sleeps for
0.5 second. But if the 3rd bit is 0, R* sleeps for 1 sec
If the 4th bit is 1, R* runs for 0.5 sec then sleeps for
0.5 second. But if the 4th bit is 0, R* sleeps for 1 sec104
What U do U uses some process monitoring command (e.g. ps in
Unix) to monitor the root-privileged process in every 0.1
sec interval
If after some time, U discovers a process with the
strange execution timing as described in the previousslide, U can extract the 4-bit sequence
It is a slow, workable, and hard to detect method
Can be combined with other techniques. For example
the secret is a system message box handle, so R &
U can communicate further in passing memory)
The secret is a key to decrypt a file in /tmp directory
Di i Q ti
-
8/6/2019 Fundamentals of eCommerce Security (3)
27/27
105
user area in O.S. U listen to system area
protected area in O.S. R R* (says 1011)
Time
scale
state of R*
Running/runnable
sleep
Time
forks
Discussion Question
Are there any use to put watermarks incompany documents?
By using Visible watermark
By using Fragile watermark
By using Robust watermark
106