Presentation is loading. Please wait.

Presentation is loading. Please wait.

HICSS 36 A Watermarking Infrastructure for Enterprise Document Management Presenter S.C. Cheung Department of Computer Science.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "HICSS 36 A Watermarking Infrastructure for Enterprise Document Management Presenter S.C. Cheung Department of Computer Science."— Presentation transcript:

1 HICSS 36 A Watermarking Infrastructure for Enterprise Document Management Presenter S.C. Cheung scc@cs.ust.hk scc@cs.ust.hk Department of Computer Science Hong Kong University of Science and Technology Co-author Dickson K.W. Chiu kwchiu@cse.cuhk.hk

2 2HICSS36 - scc A Watermarking Infrastructure for Enterprise Document Management Outline Digital Watermarking Document Distribution Infrastructure Three Phases of Document Distribution Protocol Acquisition of Registration Certificates Acquisition of Registration Certificates Acquisition of Documents Acquisition of Documents Resolution of Policy Violation Resolution of Policy Violation Conclusion & Future Work

3 3HICSS36 - scc A Watermarking Infrastructure for Enterprise Document Management Introduction Enterprise document management across a large enterprise is difficult. Sensitive documents often found in photocopier rooms or public folders at file servers Sensitive documents often found in photocopier rooms or public folders at file serversWhy? It involves both digital and non-digital forms. It involves both digital and non-digital forms. It covers both automated and manual procedures. It covers both automated and manual procedures. It requires a truly distributed solution. It requires a truly distributed solution. It supports multimedia format. It supports multimedia format. It must be flexible, allowing individual group to refine its own policies. It must be flexible, allowing individual group to refine its own policies. It should protect privacy wherever applicable. It should protect privacy wherever applicable.

4 4HICSS36 - scc A Watermarking Infrastructure for Enterprise Document Management Introduction We propose the use of digital watermarking to enforce enterprise document distribution policy. Document provider disseminates watermarked documents based on the registration certificate submitted by end user End User Document Provider

5 5HICSS36 - scc A Watermarking Infrastructure for Enterprise Document Management Digital Watermarking (Overview) Two common applications of digital watermarking: Identify and claim the copyrights ownership Identify and claim the copyrights ownership Identify the origin of illegal distribution  Identify the origin of illegal distribution  Watermarks are exclusively owned by individuals. Watermarks are exclusively owned by individuals.

6 6HICSS36 - scc A Watermarking Infrastructure for Enterprise Document Management Digital Watermarking is originated from Steganography

7 7HICSS36 - scc A Watermarking Infrastructure for Enterprise Document Management Principle of Digital Watermarking insertiondetection

8 8HICSS36 - scc A Watermarking Infrastructure for Enterprise Document Management Key Issues in Watermarked Document Distribution Protocol PhasesIssues Registration Certificate Acquisition - Secrecy of watermarks Watermarked Document Acquisition - End users cannot be trusted - Document providers cannot be trusted Policy Violation Resolution - End users cannot be trusted - Document providers cannot be trusted

9 9HICSS36 - scc A Watermarking Infrastructure for Enterprise Document Management Problem Identify the origin of illegal distribution End user owning the origin is liable End user owning the origin is liable End user’s watermark is analogous to a private key End user’s watermark is analogous to a private key  Could we protect end user’s watermark in document distribution to prevent others (including the document provider) from abusing the watermark?

10 10HICSS36 - scc A Watermarking Infrastructure for Enterprise Document Management Solution Sketch End users need not release their watermarks Instead, end users release an encrypted version of their watermarks So, how does a document provider validate an encrypted watermark? Trusted Enterprise Registration Authority Use registration certificate to protect the integrity of encrypted watermark

11 11HICSS36 - scc A Watermarking Infrastructure for Enterprise Document Management Watermarked Document Distribution Infrastructure Obtain Once Document provider disseminates watermarked documents based on the registration certificate submitted by end user Enterprise registration authority generates registration certificate for end user End User Enterprise Registration Authority Document Provider Policy enforcer collects evidence of policy violation from document provider Policy Enforcer

12 12HICSS36 - scc A Watermarking Infrastructure for Enterprise Document Management Object Model of Registration Certificate Registration Certificate Response Registration Certificate (RCert B ) Watermark (W) Encrypted Watermark E KB (W) Registration Certificate Request PKI Certificate (Cert B ) Public Key (K B ) End User 1 1 1 1 11 1 1 Enterprise Registration Authority 1 generated by1 * refers to encrypt 1 aggregation binary association ternary association produces Sign(RCert B )

13 13HICSS36 - scc A Watermarking Infrastructure for Enterprise Document Management apply for registration certificate Registration Certificate Request generate watermark Registration Certificate Response obtain PKI certificate store certificate End User Enterprise Registration Authority Watermark Acquisition activities data objects

14 14HICSS36 - scc A Watermarking Infrastructure for Enterprise Document Management Watermarked Document Acquisition

15 Policy Violation Resolution encrypt X” by E KB Evidence Response ( σ, RCert B ) discover a sensitive document (X”) Policy EnforcerDocument Provider retrieve the request identifier (V) from X” retrieve permutation function σ and registration certificate (RCert B ) send evidence σ & RCert B Encrypted Document E KB (X”) data objects activities Evidence Request (X”) submit X” retrieve public key E KB retrieve encrypted watermark E KB (W) apply permutation function σ Permutated Encrypted Watermark E KB ( σ W) detect existence of E KB ( σ W) in E KB (X”) [no] X” originates from the end user of RCert B [yes]

16 16HICSS36 - scc A Watermarking Infrastructure for Enterprise Document Management Implementation Architecture Enterprise Registration Authority Request Registration Certificate Deliver Registration Certificate Encrypted watermarked document Document Registry Look up document access information and policy Check out Register document access information and policy End User Check in document with registration certificate Store and retrieve document access history Deliver permutation function and registration certificate Submit suspected document request for evidence Document Access Log Document Server of the Provider Policy Enforcer Certificate Repository Maintain directories of valid and revoked Registration Certificates

17 17HICSS36 - scc A Watermarking Infrastructure for Enterprise Document Management Version (of Registration Certificate Format) Registration Certificate Serial Number Signature Algorithm Identifier (for Certificate Issuer’s Signature) Issuer Name Validity Period (Start and Expiry Dates/Times) Subject Name Roles Subject’s Public Key information (Algorithm Identifier & Public Key Value) One-Way Hash Value of Encrypted Secret Text Encrypted Image Watermark & Watermarking Algorithm Identifiers Encrypted Audio Watermark & Watermarking Algorithm Identifiers Encrypted Video Watermark & Watermarking Algorithm Identifiers Issuer’s Digital Signature Optional Format of Registration Certificate

18 18HICSS36 - scc A Watermarking Infrastructure for Enterprise Document Management Conclusion We have proposed a distribution protocol and its infrastructure for watermarked documents features with two roles: end users and document providers; features with two roles: end users and document providers; does not require trusts on these parties in the protection and distribution of watermarks; does not require trusts on these parties in the protection and distribution of watermarks; assumes a trusted enterprise registration authority and the use of registration certificates assumes a trusted enterprise registration authority and the use of registration certificates

19 19HICSS36 - scc A Watermarking Infrastructure for Enterprise Document Management Future Work Study the effectiveness of our protocol with respect to various watermarking schemes Adapt the techniques to digital contents in JPEG2000 format Study the integration of watermarking protocols and inter-organizational workflows [1,2,3] and e- marketplace negotiations [4] 1.S.C. Cheung, Dickson K.W. Chiu and Sven Till, A Data-Driven Methodology to Extending Workflows to E- services over the Internet (HICSS-36), January 2003. 2.Dickson K.W. Chiu, S.C. Cheung and Sven Till, A Three Layer Architecture for E-Contract Enforcement in an E-Service Environment (HICSS-36), January 2003. 3.Dickson K.W. Chiu, Wesley C.W. Chan, Gary K.W. Lam, S.C. Cheung and Franklin T. Luk, An Event Driven Approach to Customer Relationship Management in e-Brokerage Industry (HICSS-36), January 2003. 4.S.C. Cheung, Patrick C.K. Hung and Dickson K.W. Chiu, On the e-Negotiation of Unmatched Logrolling Views (HICSS-36), January 2003.

20 Questions and Answers scc@cs.ust.hk kwchiu@cse.cuhk.hk

21 21HICSS36 - scc A Watermarking Infrastructure for Enterprise Document Management Supplementary Slides (Q&A) Permutation function void permutefunc(VLONG wmark[], int size, int seed) { int i, index1, index2; srand(seed); for (i=0; i < rand() % 100 + 50)// min. 50 times, max 150 times { VLONG tmp; index1=rand()%size;index2=rand()%size; // swap the two watermark coefficient tmp = wmark[index1]; wmark[index1]=wmark[index2];wmark[index2]=tmp;}}

22 22HICSS36 - scc A Watermarking Infrastructure for Enterprise Document Management Supplementary Slides (Q&A) Watermark generation and insertion Privacy homomorphism If the watermark insertion operation is: X  W = { x 1 (1+αw 1 ), x 2 (1+αw 2 ),…, x 1000 (1+αw 1000 )} X  W = { x 1 (1+αw 1 ), x 2 (1+αw 2 ),…, x 1000 (1+αw 1000 )} Then we have, (E(x)  E(y)) mod n = E(x  y) (E(x)  E(y)) mod n = E(x  y) Therefore we can insert watermark in the encrypted domain: E KB (X’  σ(W)) = E KB (X’)  σ(E KB (W)) E KB (X’  σ(W)) = E KB (X’)  σ(E KB (W))

Download ppt "HICSS 36 A Watermarking Infrastructure for Enterprise Document Management Presenter S.C. Cheung Department of Computer Science."

Similar presentations

Chapter 14 – Authentication Applications

Chapter 14 – Authentication Applications
Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.

Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.
Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.

Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.
Security by Design A Prequel for COMPSCI 702. Perspective “Any fool can know. The point is to understand.” - Albert Einstein “Sometimes it's not enough.

Security by Design A Prequel for COMPSCI 702. Perspective “Any fool can know. The point is to understand.” - Albert Einstein “Sometimes it's not enough.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
HICSS 36 On the e-Negotiation of Unmatched Logrolling Views Presenter S.C. Cheung Department of Computer Science Hong Kong.

HICSS 36 On the e-Negotiation of Unmatched Logrolling Views Presenter S.C. Cheung Department of Computer Science Hong Kong.
A New Scheme For Robust Blind Digital Video Watermarking Supervised by Prof. LYU, Rung Tsong Michael Presented by Chan Pik Wah, Pat Mar 5, 2002 Department.

A New Scheme For Robust Blind Digital Video Watermarking Supervised by Prof. LYU, Rung Tsong Michael Presented by Chan Pik Wah, Pat Mar 5, 2002 Department.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Public Key Management and X.509 Certificates

Public Key Management and X.509 Certificates
Safeguarding and Charging for Information on the Internet Hector Garcia-Molina, Steven P. Ketchpel, Narayanan Shivakumar Stanford University Presented.

Safeguarding and Charging for Information on the Internet Hector Garcia-Molina, Steven P. Ketchpel, Narayanan Shivakumar Stanford University Presented.
Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.

Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.
Chapter 4 Authentication Applications. Objectives: authentication functions developed to support application-level authentication & digital signatures.

Chapter 4 Authentication Applications. Objectives: authentication functions developed to support application-level authentication & digital signatures.
Chapter 5 Network Security Protocols in Practice Part I

Chapter 5 Network Security Protocols in Practice Part I
Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.

Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.
Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.

Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.
Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.

Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
WAP Public Key Infrastructure CSCI 5939.02 – Independent Study Fall 2002 Jaleel Syed Presentation No 5.

WAP Public Key Infrastructure CSCI – Independent Study Fall 2002 Jaleel Syed Presentation No 5.
SMUCSE 5349/7349 Public-Key Infrastructure (PKI).

SMUCSE 5349/7349 Public-Key Infrastructure (PKI).

Similar presentations

Ads by Google