Download presentation

Presentation is loading. Please wait.

Published byJuan O'Keefe Modified over 3 years ago

1
Randomized Detection for Spread- Spectrum Watermarking: Defending Against Sensitivity and Other Attacks Ramarathnam Venkatesan and Mariusz H. Jakubowski {venkie, Cryptography and Anti-Piracy Group Microsoft Research March 20, 2005

2
2 Overview Introduction Spread-spectrum methodology Enhancements and analysis Experimental results Conclusion

3
3 Spread-Spectrum Watermarking + = = Original imageWatermarkWatermarked image Detection The watermark is a pseudorandom sequence of positive and negative chips. The dot (*) represents correlation (normalized dot product). Robustness is typically achieved via redundancy, synchronization grids, error correction, visual models, embedding in special domains, and other techniques. WatermarkTest image ~0 if WM is absent ~1 if WM is present Embedding pseudorandom generatorsecret key *

4
4 Overview Introduction Spread-spectrum methodology Enhancements and analysis Experimental results Conclusion

5
5 Spread-Spectrum Enhancements Strategies against cryptanalytic attacks –Pseudorandom embedding into portions of available domain –Pseudorandom detection Many correlations over pseudorandom WM subsets Median value from subsets returned as WM response –Image-dependent WM keys from image hashes Some resistance against signal-processing attacks –Contrast enhancement to boost WM –Some randomized redundant embedding into regions –Note: Redundancy, synchronization grids, and related techniques tend to make cryptanalysis easier. –Is provable resistance against both cryptanalytic and signal-processing attacks possible?

6
6 Cryptanalysis Model Pseudorandom black-box detector Adversarial inputs... Results: Yes/No WM WM strength Adversarial processing: Coefficient changes WM estimation Arbitrary analysis

7
7 Detection Scheme Let n = total number of chips (or number of WMed coefficients). Detection: –Choose m WM subsets S 1, S 2, …, S m, each of size k << n. –Compute correlations Y 1, Y 2, …, Y m over the subsets. –Output median Y med of Y 1, Y 2, …, Y m. Overall correlation average over subsets Median approximates average well: Pr [|Y med E(Y)| ] e cn (c = constant)

8
8 Security Against Black-Box Attacks Assume subsets contain k out of n total watermarked coefficients. The following limits the information attacker can obtain during each query to the black-box detector: Lemma (Threshold Phenomenon): Consider a watermarked image, and set p = k/n. Assume the attacker changes X coefficients in the transform plane, and |pX 1/2| > L, where L is a constant. Let S i, where i n, be the random subsets choosen by the detector. Let D 1 and D 2 denote the detector values that are output to the attacker. For every r > 0, we have Pr [|D 1 D 2 | r] e cn for some constant c, where is the space of coin flips used by the detector. Consequence: If the attacker changes too few coefficients, the attack will fail with high probability (i.e., values output by detector change little despite attackers arbitrary modifications to coefficients).

9
9 Overview Introduction Spread-spectrum methodology Enhancements and analysis Experimental results Conclusion

10
Watermarking Example No watermark: 3%Watermark: 257% StirMark attack: 195% StirMark + low-quality JPEG: 103% WM response: enhanced correlation measure

11
11 Results on Typical Images Results of watermark tests on 100 images Each image was watermarked and StirMarked. 19 incorrect watermark keys yield low watermark responses (whether or not watermark enhancement is applied). One proper watermark key yields high watermark responses, generally significantly higher after enhancement.

12
12 Black-Box Attack: Brute-Force Chip Estimation Attack image 001Test image * Attack image 010Test image * Attack image 111 (2 X )Test image *... 1.Choose X watermark chips to estimate (e.g., X = 3). 2.For each of the 2 X possible chip sequences, create an attack image: In DCT domain, set all coefficients to zero, except for ones corresponding to selected chips. Set each chip coefficient to an artificially large value (+ or -) to boost overall correlation. 3.Use the black-box WM correlation detector to compute WM response over each attack image. 4.The attack image with the highest WM response provides estimated chip signs. - large positive attack chip - large negative attack chip

13
13 Results of Attack on 10 Test Images A. Plain imagesB. Watermarked imagesC. Attack images ( X = 10 correct coefficients) A: Overall correlation response (blue) and subset-median response (green) both correctly reveal no WM. B: Overall response and subset response both correctly reveal WM. C: Overall response incorrectly reveals WM on well-guessed attack chips. Subset response correctly reveals no WM, foiling the attack.

14
14 Conclusion New methods proposed to enhance the security of spread-spectrum watermarking against cryptanalysis. Ultimate security of spread-spectrum watermarking remains an open problem. Are there practical spread-spectrum methods provably robust against both cryptanalysis and signal-processing attacks?

Similar presentations

© 2017 SlidePlayer.com Inc.

All rights reserved.

Ads by Google