2 Contents Motivation Goals Ways Digital Rights Management (DRM). Authentication : Data Hiding (watermarking & Steganography), Digital Fingerprint /signatureConfidentiality : EncryptionIntegrity : hash (Digital Fingerprint /signature)Access Control :Non repudiation : third partyDigital Rights Management (DRM).
3 I. MotivationThe recent growth of networked multimedia systems has increased the need for the protection of digital mediaDigital mediaAudioVideoDocuments (including HTML documents) :ImagesGraphic or Scene ModelsPrograms (executable code)
4 I. Motivation Electronic/digital media Record conditions : Very easy to make copies : ???Very fast distributionEasy archiving and retrievalCopies are as good as original : ???Easily modifiable : ???Environmental Friendly
5 I. MotivationWithout such methods, placing images, audio or video sequences on a public network puts them at risk of theft and alteration.Techniques are needed to prevent the copying, forgery and unauthorized distribution of multimedia elementsThis is particularly important for the protection and enforcement of intellectual property rights.Copyright protection involves the authentication of media ownership, and the identification of illegal copies of the (possibly media.
6 II. Goals Goals of Multimedia streams (Multimedia Security) Secure communicationsSecure delivery :Copyright protection (originality)Prevent forgery, illegal copying, illegal distribution (Integrity)Tamper proofing,Access controlvisual encryptionSecure Internet/Network :
7 III. Ways (Approaches) Cryptography Techniques : Multimedia AuthenticationMultimedia Signature & WatermarkMultimedia Confidentiality (Encryption)Multimedia Identifications and Access ControlMultimedia IntegrityMultimedia Non-repudiationsImplemented into : Digital Right ManagementWatermarking, steganography, digital signature, fingerprint
8 3.1. Cryptography Techniques Authentication: providing assurance of the identity of the multimedia data sender (assure the credibility of multimedia content)Primary tool: Digital signatures (data hiding : watermarking, steganography)Confidentiality: protecting multimedia data from unauthorized disclosure (Secure content transmission privacy)Primary tool: Encryption (DES, AES, RSA, Diffie Hellman, ….., )Integrity: providing assurance that multimedia data has not been altered in an unauthorized way (Assurance that data received is as sent)Primary tool: HashingAccess ControlPrevention of unauthorized use of a resource (Protect multimedia data from illegal distribution and theft)Non-repudiation: preventing a party from denying a previous action. (Protection against denial by the parties in a communication)Primary tool: Trusted third party service
10 220.127.116.11. Passive Authentication No requirement of knowledge of original image.Does not rely of presence of watermark or fingerprint.Identify media tampering methods.Example : Three image tampering (enhancing, compositing & copy/move)
11 a. Three Image Tampering There are three main categories of image tampering:EnhancingCompositingCopy/Move
12 1. Enhancing Changing the color of objects Changing the weather conditionsBlurring out objects
13 Combining two or more images to create a new image 2. CompositingCombining two or more images to create a new imageI know things are bigger in America – but this is crazy!
14 Compositing / Re-sampling Detection Original ImageTampered ImageFourier Transform ofunaltered regionPeriodic pattern in FourierTransform of altered region
15 3. Copy-MoveCopying regions of the original image and pasting into other areas.The yellow area has been copied and moved to conceal the truck.
17 18.104.22.168. Active Authentication Assess methods available for protecting media.Require knowledge original imageRely on :Data Hiding :Watermarking/Digital watermarkingSteganographyDigital Fingerprint/signatureAlgorithm/key used to embed the watermark or fingerprint.
18 22.214.171.124. Active Authentication Data HidingWatermarkingSteganographyDigital Signature/Fingerprint
19 Retrieved information Data HidingKeyOriginaldataEmbeddingfunctionExtractionfunctionChannelInformation to embedRetrieved informationM(L)^M(L)
20 A. Watermarking/Digital Watermarking Watermarking is a concept of embedding a special pattern into the Audio, video, image and texta given piece of information, such as the owner’s or authorized consumer’s identity, is indissolubly tied to the data.This information can later :prove ownership,Identify a misappropriating person,Trace the marked document’s dissemination through the network,Or simply inform users about the rights-holder or the permitted use of the data
21 A. Watermarking/Digital Watermarking Allows users to embed some data into digital contentsWhen data is embedded,It is not written at header part but embedded directly into digital media itself by changing media contents dataOriginalInformationWatermarked
22 a. Embedding Techniques Spatial domainWatermark embedded by directly modifying the pixel values.Usually use spread spectrum approach.Original needed (Non Blind)Original not needed (Blind)Frequency domainUsually use Transform domain watermarking- Watermark embedded in the transform domain e.g., DCT, DFT, wavelet by modifying the coefficients of global or block transform.
29 DCT phase modulation (embed m bits) Embedding algorithmRandomly select a group of low frequency DCT coefficients using a key.Generate a binary message as a watermark.Set the phase of the selected coefficients in accordance with the embedded watermark.Decoding algorithmUse the same key to select the coefficient.Extract the sign of the selected coefficients and decode according to the embedding rule.
31 b. Application of Watermarking Rights management : copyrightOwner IdentificationProof of OwnershipTransaction Tracking and serialization productLinking, E-CommerceContents managementCopy ControlAccess/copy controlAuthentication&IntegrityContent AuthenticationMonitoringFiltering & Classification
32 Provider Index Database Location (Centralized or Distributed) b1. CopyrightAudio/Video Master Embed Copyright and Content ID DWMContent OwnerProvider Index Database Location (Centralized or Distributed)User’s PCRip Software Compressed Audio/Video File (e.g. MP3 file)User Software Detect Copyright and Content ID DWM for Secure and Enhanced contentRights & Info Database Content ID linked to rights, information and related content
33 b2. Serialization & Tracking Identifies content owners and rights while communicating copyright informationAwareness of watermarked content by consumer creates deterrent against unauthorized copying and distributionProvides accurate identification of source of unauthorized content discovered on the Internet and/or physical mediaRecordable MediaEmbed Serial # (2)Embed Serial # (1)Content IDRetail ContentContent ProviderTrack and take proper actionDetect Serial Number(1) At Point of Distribution(2) At point of copying/re-distributionProtected for privacy
34 b2. Connected Content/Linking Promoting & Facilitating M-CommerceLocation based servicesMultimedia accessStreaming audioMusicMultimediaBookmarkingCaptured CD e-logo links to web and music downloadsDOWNLOADRing tonesBuy ticketsReviewsTour datesSamplesBand info
35 b3. Filtering & Classification CopyrightedNon-CopyrightedContent FilterAccess Legitimate Copy or LicenseFiltering can occur at the whole content level and/or at a more granular level identifying copyrighted, sensitive and/or questionable material for the given audienceMay be key element of identifying copyrighted content to support legitimate P2P distribution
36 c. Types of Watermark Visible Invisible A visible information which is overlaid on the primary mediaInvisibleThe information which cannot be seen, but which can be detected algorithmically
37 c1. Visible WatermarkLogo or seal of the organization which holds the rights to the primary mediaIt allows the primary information to be viewed,But still marks it clearly as the property of the owning organization.Overlay the watermark in a way which makes it difficult to remove, if the goal of indicating property rights is to be achieved.
39 c2. Invisible Watermark Embedding level is too small to notice Can be retrieved by extraction softwareApplications: Authentication, Copyrighting
40 c2.1. Fragile WatermarksDesigned to detect every possible change in pixel values .Variety of TechniquesMost cases, the watermark is embedded in the least significant bit (LSB) of the image.Advantages:Pick up all image manipulations – malicious and non-maliciousDisadvantages: Too sensitiveBreak very easily under any modification of the host signalUsed for tamper detection or as a digital signature.
41 c2.2. Semi-Fragile Watermarks They are robust, to a certain extent, and are less sensitive to pixel modifications.Techniques:Divide image into blocks and utilize bits from each block to calculate a spread spectrum noise like signal which is combined with DCT coefficients and inserted as a watermark.Review slide number : 27-28Advantage: less sensitive than fragile watermarksUsed for data authentication.Disadvantage : brake very easily to other attacks.
42 Example : Video Raw video watermarking Watermarking I-frame (Mpeg-1,2) DFTDCTDWT : DWT-based Video Watermarking Scheme with Scramble WatermarkWatermarking I-frame (Mpeg-1,2)Video object watermarking (Mpeg-4)
43 Example : Digital Cameras Watermarking based on secret key, block ID and content.The image is divided into blocks and each block watermarked using a frequency based spread spectrum technique incorporating the secret key, block ID and block content.Image of photographers iris is combined with the camera ID, the hash of the original image and other details specific to the camera.
45 c2.3. Robust /Self Embedding The previous techniques will only detect and localize areas of interest when authentication is carried out.The watermark should be permanently intact to the host signalUsed for copyright protection.Advantage: Potential for original data to be retrieved.Disadvantage:Removing the watermark result in destroying the perceptual quality of the signal (lost information
47 e. Limitations of digital watermarking Digital watermarking does not prevent copying or distribution.Digital watermarking alone is not a complete solution for access/copy control or copyright protection.Digital watermarks cannot survive every possible attack.
48 f. Watermark attacks Robustness attacks: Presentation Attacks: Intended to remove the watermark. JPEG compression, filtering, cropping, histogram equalization additive noise etc.Presentation Attacks:Rotation, scaling, translation, change aspect ratio, line/frame dropping, affine transformation etc.Counterfeiting attacks:Render the original image useless, generate fake original, dead lock problem.Court of law attacks:Take advantage of legal issues.
49 B. SteganographySteganography is the science of hiding information in such a way that no one suspects the information exists both perceptually and statistically (the only the recipient knows of its existence)Steganography is usually combined with cryptography.With cryptography the information is known to exist,but it is encoded in such a way that only the intended recipient can read it.The word Steganography is of Greek origin and means “covered, or hidden writing.”Steganographic messages will generally appear as something else such as a picture or a text file.Provide security
50 What to hide How to hide Texts Images Sound embed text in text/images/sound filesembed image in text/image/sound filesembed sound in text/image/sound files
51 a. History of Steganography Dates back to 440 BCHeredotus and wax tabletsHistiaeus and his tattooed slaveLater in the 1500’s Johannes TrithemiusSteganographiaWorld War IIMicro DotsDoll WomanPueblo Incident in 1968Sign Language Photos
52 b.How does it work now? Encrypted Data Data Carrier Media Encrypt SteganogramCarrierMedia
53 Application Hiding in text, images, audio, video Hiding data in unused/reserved disk spaceHiding data in software and circuitryHiding in network packets in TCP headers for example by utilizing the reserved bits
54 C. Example : LSBHidden messages can also be implemented into audio files using the LSB method.Sounds and noises at the LSB level can not typically be heard by the human ear.Therefore when playing the original file it sounds just like a normal .wav or .mp3 fileHowever it can be decrypted to reveal another sound file or any file for that matter.The File must be big enough to hold hidden message (avoid the information existence)
55 1. Image LSB Least significant bit (LSB) encoding Comments: Replace the LSB of each pixel with the secret messagePixels may be chosen randomly according to a keyComments:The simplest and most common steganographic tech.Premise = change to the least significant bit will be masked by noise commonly present in images.
56 2. Text LSBThe one’s bit of a byte is used to encode the hidden information.Suppose we want to encode the letter A (ASCII 65 or binary ) in the following 8 bytes of a carrier file.becomesTypical .wav file uses 16 bit sampling.
57 Variations of LSBUse password as a seed for pseudo random number generator.Use only those bytes separated by the value of the next random number to hide data.Advantages - More difficult to detect and decode.Disadvantage – Limits the number of bytes that are available for holding the payload.
58 Cryptography usually used in conjunction with steganography Provides an extra layer of security.Makes the existence of a hidden message more difficult to detect.The LSB of a digital audio or video file tends to resemble noise.The most significant bits tend to be grouped in blocks. For example, the ocean background has a large block of bits where r = 0110xxxx g = 1010xxxx b = 1110xxxxThus when encoding this data in the LSB there will be a repeating pattern: 0110xxxx1010xxxx1110xxxx.Encryption randomizes this data so it looks like noise again.
59 c. Example : Popular Programs S-ToolsImageSteghide.bmp.wav.auMP3Stego.mp3SnowText files
60 1. S-Tools One of the most reliable tools for steganography is S-tools This program was created in 1994 by Andy BrownThere has been no updates since then because of its encryption algorithm, Nearly impossible to breakIncludes programs that process GIF and BMP images, process audio files and will even hide information in the unused areas of the floppy diskettes
61 Why S-tools is so good for this! 4 different types of encryptions to choose fromIDEA, DES, Triple DES, MDCThe password is entered and confirmed by the user and then is encrypted using the desired algorithmTo reveal any image one must know the password along with the encryption algorithmThis makes it extremely difficult to break even using a brute force attack.
62 126.96.36.199.2. Digital Fingerprint/signatures Basic functionalityProcessesAsymmetric encryptionCertificationUser’s realisation
63 A. Basic FunctionalityDigital Fingerprinting is an emerging technology to protect multimedia from unauthorized redistribution.It embeds a unique ID into each user's copy, which can be extracted to help identify culprits when an unauthorized leak is found, that identifies the originator of a document.It utilizes asymmetric encryption, where one key (private key) is used to create the signature code and a different but related key (public key) is used to verify it.
64 A. Basic FunctionalityA powerful, cost-effective attack is the collusion attack from a group of users,where the users combine their copies of the same content but with different fingerprints to generate a new version.If designed improperly, the fingerprints can be attenuated or even removed by the collusion attack.
65 B. Processes OK Hash function : Message+SignatureHashDecryptWith Sender’sPublic KeySIGN hashPrivate keysignatureCOMPARECalculatedSenderReceiverSignedSent thru’ InternetifOKSignaturesverifiedHash function :algorithm which creates a digital representation in the form of a hash result of a standard length which is usually much smaller than the message but substantially unique to it
66 B. Processes Generally : Each individual generates his own key pair a pair of keys, namely a private key and a public key[Public key known to everyone & Private key only to the owner]Private Key – Used for making digital signature (ie. has to be saved, e.g. using a chip card with a PIN )Public Key – Used to verify the digital signaturePublic key can be accessible for everyone,but its owner’s identity has to be identifiable without problems to guarantee authentication (certificate)Not possible to generate the Private key by knowing someone’s Public key
67 (including Algorithm identifier) RSA Key pair(including Algorithm identifier)[2048 bit]Private Keya b1 d311 e ccb e2 0d83 463d e493 bab6 06d3 0d59 bd3e c1ce a 21a8 efbc ccd0 a2cc b da d854 0aa ed 6356 ff70 6ca3 a119 d278 be68 2a44 5e2f cfcc 185e 47bc 3ab1 463d 1ef0 b92c 345f 8c7c 4c08 299d 4055 eb3c 7d83 deb5 f0f7 8a83 0ea1 4cb4 3aa5 b35f 5a22 97ec 199b c105 68fd e6b7 a c e a25 193a eb95 9c39 0a8a cf42 b2f0 1cd5 5ffb 6bed b39 2c72 38b0 ee93 a9d3 7b77 3ceb 7103 a938 4a16 6c89 2aca da c255 8ced 9cbb f2cb 5b10 f82e 6135 c629 4c2a d02a 63d b4f8 cdf9 f400 84b d 32a8 f92a 54fb ff78 41bc bd71 28f4 bb90 bcff e3 459e aPublic Keye4 f f61 dd12 e f08 4ccb e2 0d83 463d e493 bab d59 bf3e c1ce a 11a8 efbc ccd0 a2cc b da d8b4 0aa ed 6356 ff70 6ca3 a119 d278 be68 2a44 5e2f cfcc 185e 47bc 3ab1 463d 1df0 b92c 345f 8c7c 4c08 299d 4055 eb3c 7d83 deb5 f0f7 8a83 0ea1 4cb4 3aa5 b35f 5a22 97ec 199b c105 68fd e6b7 a c e a25 193a eb95 9c39 0a8a cf42 b250 1cd5 5ffb 6bed b39 2c72 38b0 ee93 a9d3 7b77 3ceb 7103 a938 4a16 6c89 2aca da c255 8ced 9cbb f2cb 5b10 f82e 6135 c629 4c2a d02a 63d b4f8 cdf9 f400 84b d 32a8 f92a 54fb ff78 41bc bd71 28f4 bb90 bcff de 45de af f1 0001
68 B. Processes Digital signature creation (Sender Side) : Generating message’s digest (hash result) and a given private keyResult of the encryption: digital signatureSender send :Message with digital signature and certificate to receiver
69 B. Processes Digital signature verification (Receiver Side) : Receiver wants to checkIntegrityGenerating hash result, compare it to the sender’s hash result and decrypting the message with the sender’s public keyAuthenticityCan be checked by means of the certificate
70 C. Digital Signature Features Signer Authentication :A signature should indicate who signed a document, message or record, and should be difficult for another person to produce without authorization.Message Authentication:The digital signature also identifies the signed message, typically with far greater certainty and precision than paper signatures. Verification reveals any tampering, since the comparison of the hash resultsAffirmation Act :Signatures are legally bindingEfficiency :Allows for automation of modern Electronic Data Interchange (EDI).
71 D. Advantages of Digital Signatures Data integrityDigital signatures provide proof that the document or message has not been altered or tampered with.Authentication of IdentitiesDigital signatures make it easier to verify the identity of senders and recipient.Concept of non-repudiationThis means that neither the sender nor the recipient can deny having sent or received the document.Includes an automatic date and time stamp, which is critical in business transactions.Increase the speed and accuracy of transactions
72 E. Disadvantages of Digital Signatures Technological CompatibilityRefers to standards and the ability of one digital signature system to "talk" to another. It is difficult to develop standards across a wide user base.Security ConcernsThese efforts are perpetually hampered by lost or borrowed passwords, theft and tampering, and vulnerable storage and backup facilities.Legal IssuesThere is clear consensus that digital signatures should be legally acceptable. However, many questions remain unanswered in the legal arena
73 F. Challenges Institutional overhead The cost of establishing and utilizing certification authorities, repositories, and other important services, as well as assuring quality in the performance of their functions.Subscriber and relying Party CostsA digital signature will require software, and will probably have to pay a certification authority some price to issue a certificate. Hardware to secure the subscriber’s private key also be advisable.
74 G. Digital Signatures Example : Text <Signed SigID=1>Promissory NoteI, Mary Smith, promise to pay to the order of First Western Bank five thousand dollars and no cents ($5,000) on or before June 10, 1998, with interest at the rate of fifteen per cent (15%) per annum.Mary Smith, Maker</Signed><Signature SigID=1 snID=smith082> 2AB CC18946A29870F40198B240CD2302B DE002342B212990BA C1D20774C1622D39</Signature>
75 H. Example : For Image Based on the concept of public key encryption. Hashed version of image is encrypted using a private key.Encrypted file provides a unique signature/fingerprint of the image which can be used to authenticate by decryption with public key.Mainly used in transmission of images.
76 I. Example : Digital Cameras Epson Image Authentication System (IAS)The IAS software in the camera instantly seals the captured images with an invisible digital fingerprint.Verification of image is achieved by any PC with Image Authentication System software installed
77 ConfidentialityEncryption is a powerful tool for access control and confidentiality protection
78 A. Encryption Algorithym Data Encryption Standard (DES)The most widely used encryption schemeDES is a block cipher – the plaintext is processed in 64-bit blocksThe key is 56-bits in lengthBased on Feistel Cipher StructureTriple DESEffective key length of 112/168 bitsAdvanced Encryption Standard (AES)128-bit data, 128/192/256-bit keysStronger & faster than Triple-DES
80 B.Multimedia Encryption Approach Signal scramblingHistorical approachNot compatible with modern multimedia compressionFast speed but low securityTotal encryption with cryptographic ciphersTrivial solutionHigh security but slow speedSelective encryptionMost popular approach todayLimited in its range of applicationIntegrating encryption into entropy codingComplementary to selective encryptionVery fast computation speed
81 Transmission channel or storage media Selective EncryptionSelect the most important coefficients and then encrypt them with traditional ciphers such as DESAdvantagesLower complexityHigh security level provided by traditional cryptologyLess error correction coding redundancyCompatible with existing software and hardware modulesMediaCompressionSystemCoefficientSelectionCryptographicCipherErrorCorrectionCodingDigitizedAudiovisualdataCoefficientsSelectedNon-selectedTransmission channel or storage media4 modes of DES - - ECB, CBC, CFB, OFB
82 IntegrityHashing process have discussed a little bit at the confidentiality materialsHash algorithm :
84 Non repudiationThird party : search by yourself
85 3.2. Digital Rights Management A broad term used to describe a number of techniques for restricting the free use and transfer of digital content.DRM is used in a number of media, but is most commonly found in video and music files.They therefore reinterpret DRM to stand for Digital Restrictions Management.
86 3.2.1. A functional definition of DRM The identification and description of intellectual property, rights pertaining to works and to parties involved in their creation or administration (digital rights management)The (technical) enforcement of usage restriction (digital management of rights).
87 3.2.2. Requirement & Tools Requirements DRM tools Identification (unique identifier of the work)Clear description (Metadata)Usage rulesDRM toolsIdentify the work, the right holderDescribe the contentAllow use according to the rules
88 3.2.3. DRM Technical Solution CONDITIONAL ACCESS (CA) SYSTEMS FOR SATELLITE, CABLE AND TERRESTRIAL TELEVISION NETWORKSDIGITAL RIGHTS MANAGEMENT (DRM) SYSTEMS FOR THE INTERNETCOPY PROTECTION (CP) SYSTEMS FOR DIGITAL HOME NETWORKSDVD PROTECTIONDIGITAL TAPE PROTECTIONDIGITAL INTERFACE PROTECTIONIP MULTICAST securitySECURE MULTICAST APPLICATIONSCORE PROBLEM AREA IN MULTICAST SECURITYEVALUATION CRITERIAclassification of KEY MANAGEMENT SCHEMESPERIODIC BATCH REKEYINGWIRELESS NETWORKS AND MOBILE MEMBERSTWO-TIER SERVER ARCHITECTUREDESIGN CRITERIAMOBILE MEMBER JOIN AND LEAVEMOBILE MEMBER TRANSFERSECURITY OF WIRELESS LANSWIRED EQUIVALENT PRIVACY (WEP)WHAT’S WRONG WITH WEP?IMPROVEMENTS ON WEPLEGAL SOLUTIONSWORLD INTELLECTUAL PROPERTY ORGANIZATION (WIPO)DIGITAL MILLENIUM COPYRIGHT ACT (DMCA) OF 1998CONSUMER BROADBAND AND DIGITAL TELEVISION PROMOTION ACT (CBDTPA) OF 2002CONSUMERS, SCHOOLS, AND LIBRARIES DIGITAL RIGHTS MANAGEMENT AWARENESS ACT OF 2003
89 188.8.131.52. Content Scrambling System (CSS) One of the first and most widely contested DRM, used to encode DVD movie files.This system was developed by the DVD Consortium as a tool to influence hardware manufacturers to produce only systems which didn't include certain features.By releasing the encryption key for CSS only to hardware manufacturers who agreed not to include features such as digital-out, which would allow a movie to be copied easily, the DVD Consortium was essentially able to dictate hardware policy for the DVD industry.Very quickly after the CSS DRM was implemented, its algorithm was broken.
90 DeCSSTools for making copies of CSS-encrypted movies and playing them on systems that otherwise would not be able to, such as some alternative operating systems.The Digital Millennium Copyright Act in the United States makes it illegal to use systems such as DeCSS to bypass DRM limitations.Similar acts have since been passed in many countries.Many advocates in the computer science world see the DMCA as a major blow against creative freedom because of its overly harsh restrictions.
91 Software ExampleGame consoles (Nintendo, Sony Playstation, …)Microsoft software (Genuine certificate verification)Trial use of a software for a limited period of timeOnline registration to activate the software