Presentation is loading. Please wait.

Presentation is loading. Please wait.

Randomized Detection for Spread- Spectrum Watermarking: Defending Against Sensitivity and Other Attacks Ramarathnam Venkatesan and Mariusz H. Jakubowski.

Published byJuan O'Keefe Modified over 10 years ago

Similar presentations

Presentation on theme: "Randomized Detection for Spread- Spectrum Watermarking: Defending Against Sensitivity and Other Attacks Ramarathnam Venkatesan and Mariusz H. Jakubowski."— Presentation transcript:

1 Randomized Detection for Spread- Spectrum Watermarking: Defending Against Sensitivity and Other Attacks Ramarathnam Venkatesan and Mariusz H. Jakubowski {venkie, mariuszj}@microsoft.com Cryptography and Anti-Piracy Group Microsoft Research March 20, 2005

2 2 Overview Introduction Spread-spectrum methodology Enhancements and analysis Experimental results Conclusion

3 3 Spread-Spectrum Watermarking + = = Original imageWatermarkWatermarked image Detection The watermark is a pseudorandom sequence of positive and negative chips. The dot (*) represents correlation (normalized dot product). Robustness is typically achieved via redundancy, synchronization grids, error correction, visual models, embedding in special domains, and other techniques. WatermarkTest image ~0 if WM is absent ~1 if WM is present Embedding pseudorandom generatorsecret key *

4 4 Overview Introduction Spread-spectrum methodology Enhancements and analysis Experimental results Conclusion

5 5 Spread-Spectrum Enhancements Strategies against cryptanalytic attacks –Pseudorandom embedding into portions of available domain –Pseudorandom detection Many correlations over pseudorandom WM subsets Median value from subsets returned as WM response –Image-dependent WM keys from image hashes Some resistance against signal-processing attacks –Contrast enhancement to boost WM –Some randomized redundant embedding into regions –Note: Redundancy, synchronization grids, and related techniques tend to make cryptanalysis easier. –Is provable resistance against both cryptanalytic and signal-processing attacks possible?

6 6 Cryptanalysis Model Pseudorandom black-box detector Adversarial inputs... Results: Yes/No WM WM strength Adversarial processing: Coefficient changes WM estimation Arbitrary analysis

7 7 Detection Scheme Let n = total number of chips (or number of WMed coefficients). Detection: –Choose m WM subsets S 1, S 2, …, S m, each of size k << n. –Compute correlations Y 1, Y 2, …, Y m over the subsets. –Output median Y med of Y 1, Y 2, …, Y m. Overall correlation average over subsets Median approximates average well: Pr [|Y med E(Y)| ] e cn (c = constant)

8 8 Security Against Black-Box Attacks Assume subsets contain k out of n total watermarked coefficients. The following limits the information attacker can obtain during each query to the black-box detector: Lemma (Threshold Phenomenon): Consider a watermarked image, and set p = k/n. Assume the attacker changes X coefficients in the transform plane, and |pX 1/2| > L, where L is a constant. Let S i, where i n, be the random subsets choosen by the detector. Let D 1 and D 2 denote the detector values that are output to the attacker. For every r > 0, we have Pr [|D 1 D 2 | r] e cn for some constant c, where is the space of coin flips used by the detector. Consequence: If the attacker changes too few coefficients, the attack will fail with high probability (i.e., values output by detector change little despite attackers arbitrary modifications to coefficients).

9 9 Overview Introduction Spread-spectrum methodology Enhancements and analysis Experimental results Conclusion

10 Watermarking Example No watermark: 3%Watermark: 257% StirMark attack: 195% StirMark + low-quality JPEG: 103% WM response: enhanced correlation measure

11 11 Results on Typical Images Results of watermark tests on 100 images Each image was watermarked and StirMarked. 19 incorrect watermark keys yield low watermark responses (whether or not watermark enhancement is applied). One proper watermark key yields high watermark responses, generally significantly higher after enhancement.

12 12 Black-Box Attack: Brute-Force Chip Estimation Attack image 001Test image * Attack image 010Test image * Attack image 111 (2 X )Test image *... 1.Choose X watermark chips to estimate (e.g., X = 3). 2.For each of the 2 X possible chip sequences, create an attack image: In DCT domain, set all coefficients to zero, except for ones corresponding to selected chips. Set each chip coefficient to an artificially large value (+ or -) to boost overall correlation. 3.Use the black-box WM correlation detector to compute WM response over each attack image. 4.The attack image with the highest WM response provides estimated chip signs. - large positive attack chip - large negative attack chip

13 13 Results of Attack on 10 Test Images A. Plain imagesB. Watermarked imagesC. Attack images ( X = 10 correct coefficients) A: Overall correlation response (blue) and subset-median response (green) both correctly reveal no WM. B: Overall response and subset response both correctly reveal WM. C: Overall response incorrectly reveals WM on well-guessed attack chips. Subset response correctly reveals no WM, foiling the attack.

14 14 Conclusion New methods proposed to enhance the security of spread-spectrum watermarking against cryptanalysis. Ultimate security of spread-spectrum watermarking remains an open problem. Are there practical spread-spectrum methods provably robust against both cryptanalysis and signal-processing attacks?

Download ppt "Randomized Detection for Spread- Spectrum Watermarking: Defending Against Sensitivity and Other Attacks Ramarathnam Venkatesan and Mariusz H. Jakubowski."

Similar presentations

DIVIDING INTEGERS 1. IF THE SIGNS ARE THE SAME THE ANSWER IS POSITIVE 2. IF THE SIGNS ARE DIFFERENT THE ANSWER IS NEGATIVE.

DIVIDING INTEGERS 1. IF THE SIGNS ARE THE SAME THE ANSWER IS POSITIVE 2. IF THE SIGNS ARE DIFFERENT THE ANSWER IS NEGATIVE.
MULT. INTEGERS 1. IF THE SIGNS ARE THE SAME THE ANSWER IS POSITIVE 2. IF THE SIGNS ARE DIFFERENT THE ANSWER IS NEGATIVE.

MULT. INTEGERS 1. IF THE SIGNS ARE THE SAME THE ANSWER IS POSITIVE 2. IF THE SIGNS ARE DIFFERENT THE ANSWER IS NEGATIVE.
Assumptions underlying regression analysis

Assumptions underlying regression analysis
Spatial Domain Image Watermarking Robust against Compression, Filtering, Cropping and Scaling By Sebé, Domingo-Ferrer, Herrera Information Security Dec.

Spatial Domain Image Watermarking Robust against Compression, Filtering, Cropping and Scaling By Sebé, Domingo-Ferrer, Herrera Information Security Dec.
Equivalence Partitioning

Equivalence Partitioning
Capacity-Approaching Codes for Reversible Data Hiding Weiming Zhang, Biao Chen, and Nenghai Yu Department of Electrical Engineering & Information Science.

Capacity-Approaching Codes for Reversible Data Hiding Weiming Zhang, Biao Chen, and Nenghai Yu Department of Electrical Engineering & Information Science.
Addition 1’s to 20.

Addition 1’s to 20.
Detecting Spam Zombies by Monitoring Outgoing Messages Zhenhai Duan Department of Computer Science Florida State University.

Detecting Spam Zombies by Monitoring Outgoing Messages Zhenhai Duan Department of Computer Science Florida State University.
SURE-LET for Orthonormal Wavelet-Domain Video Denoising Florian Luisier, Member, IEEE, Thierry Blu, Senior Member, IEEE, and Michael Unser, Fellow, IEEE.

SURE-LET for Orthonormal Wavelet-Domain Video Denoising Florian Luisier, Member, IEEE, Thierry Blu, Senior Member, IEEE, and Michael Unser, Fellow, IEEE.
Introduction to Watermarking Anna Ukovich Image Processing Laboratory (IPL)

Introduction to Watermarking Anna Ukovich Image Processing Laboratory (IPL)
Tamper-Tolerant Software: Modeling and Implementation International Workshop on Security (IWSEC 2009) October 28-30, 2009 – Toyama, Japan Mariusz H. Jakubowski.

Tamper-Tolerant Software: Modeling and Implementation International Workshop on Security (IWSEC 2009) October 28-30, 2009 – Toyama, Japan Mariusz H. Jakubowski.
A New Scheme For Robust Blind Digital Video Watermarking Supervised by Prof. LYU, Rung Tsong Michael Presented by Chan Pik Wah, Pat Mar 5, 2002 Department.

A New Scheme For Robust Blind Digital Video Watermarking Supervised by Prof. LYU, Rung Tsong Michael Presented by Chan Pik Wah, Pat Mar 5, 2002 Department.
Maximizing Strength of Digital Watermarks Using Neural Network Presented by Bin-Cheng Tzeng 5/21 2002 Kenneth J.Davis; Kayvan Najarian International Conference.

Maximizing Strength of Digital Watermarks Using Neural Network Presented by Bin-Cheng Tzeng 5/ Kenneth J.Davis; Kayvan Najarian International Conference.
Randomized Radon Transforms for Biometric Authentication via Fingerprint Hashing 2007 ACM Digital Rights Management Workshop Alexandria, VA (USA) October.

Randomized Radon Transforms for Biometric Authentication via Fingerprint Hashing 2007 ACM Digital Rights Management Workshop Alexandria, VA (USA) October.
Ghunhui Gu, Joseph J. Lim, Pablo Arbeláez, Jitendra Malik University of California at Berkeley Berkeley, CA 94720.

Ghunhui Gu, Joseph J. Lim, Pablo Arbeláez, Jitendra Malik University of California at Berkeley Berkeley, CA
Fifth International Conference on Information

Fifth International Conference on Information
Enhanced images watermarking based on amplitude modulation Image and Vision Computing, 24 (2006), 111 – 119 Authors :T. Amornraksa, K. Janthawongwilai.

Enhanced images watermarking based on amplitude modulation Image and Vision Computing, 24 (2006), 111 – 119 Authors :T. Amornraksa, K. Janthawongwilai.
Watermarking Technology Ishani Vyas CS590 Winter 2008.

Watermarking Technology Ishani Vyas CS590 Winter 2008.
Cryptanalysis of Correlation-Based Watermarking Schemes Using Single Watermarked Copy Author: Tanmoy Kanti Das and Subhamoy Maitra From IEEE SIGNAL PEOCESSING.

Cryptanalysis of Correlation-Based Watermarking Schemes Using Single Watermarked Copy Author: Tanmoy Kanti Das and Subhamoy Maitra From IEEE SIGNAL PEOCESSING.
A Novel Scheme for Hybrid Digital Video Watermarking By Pat P. W. Chan Supervised by Michael R. Lyu 2/2/2004 Computer Science and Engineering Department.

A Novel Scheme for Hybrid Digital Video Watermarking By Pat P. W. Chan Supervised by Michael R. Lyu 2/2/2004 Computer Science and Engineering Department.

Similar presentations

Ads by Google