Randomized Detection for Spread-Spectrum Watermarking: Defending Against Sensitivity and Other Attacks

Ramarathnam Venkatesan and Mariusz H. Jakubowski, {venkie, mariuszj}@microsoft.com, Cryptography and Anti-Piracy Group, Microsoft Research. March 20, 2005.

Presentation Transcript


  1. Randomized Detection for Spread-Spectrum Watermarking: Defending Against Sensitivity and Other Attacks
     Ramarathnam Venkatesan and Mariusz H. Jakubowski, {venkie, mariuszj}@microsoft.com
     Cryptography and Anti-Piracy Group, Microsoft Research
     March 20, 2005

  2. Overview
     • Introduction
     • Spread-spectrum methodology
     • Enhancements and analysis
     • Experimental results
     • Conclusion

  3. Spread-Spectrum Watermarking
     • Embedding: Original image + Watermark = Watermarked image (diagram labels: secret key, pseudorandom generator)
     • Detection: Test image * Watermark = ~0 if WM is absent, ~1 if WM is present
     • The watermark is a pseudorandom sequence of positive and negative chips. The dot (*) represents correlation (normalized dot product).
     • Robustness is typically achieved via redundancy, synchronization grids, error correction, visual models, embedding in special domains, and other techniques.

  4. Overview
     • Introduction
     • Spread-spectrum methodology
     • Enhancements and analysis
     • Experimental results
     • Conclusion

  5. Spread-Spectrum Enhancements
     • Strategies against cryptanalytic attacks
       • Pseudorandom embedding into portions of available domain
       • Pseudorandom detection
         • Many correlations over pseudorandom WM subsets
         • Median value from subsets returned as WM response
       • Image-dependent WM keys from image hashes
     • Some resistance against signal-processing attacks
       • Contrast enhancement to boost WM
       • Some randomized redundant embedding into regions
     • Note: Redundancy, synchronization grids, and related techniques tend to make cryptanalysis easier.
     • Is provable resistance against both cryptanalytic and signal-processing attacks possible?

  6. Cryptanalysis Model
     [Diagram labels]
     • Adversarial processing: coefficient changes, WM estimation, arbitrary analysis
     • Adversarial inputs
     • Pseudorandom black-box detector
     • Results: Yes/No WM, WM strength

  7. Detection Scheme
     • Let n = total number of chips (or number of WMed coefficients).
     • Detection:
       • Choose m WM subsets $S_1, S_2, \ldots, S_m$, each of size $k \ll n$.
       • Compute correlations $Y_1, Y_2, \ldots, Y_m$ over the subsets.
       • Output median $Y_{med}$ of $Y_1, Y_2, \ldots, Y_m$.
     • Overall correlation ≈ average over subsets
     • Median approximates average well: $\Pr[\,|Y_{med} - E(Y)| \ge \varepsilon\,] \le e^{-cn}$ (c = constant)

  8. Security Against Black-Box Attacks
     • Assume subsets contain k out of n total watermarked coefficients.
     • The following limits the information the attacker can obtain during each query to the black-box detector:
       Lemma (Threshold Phenomenon): Consider a watermarked image, and set $p = k/n$. Assume the attacker changes $X$ coefficients in the transform plane, and $|pX - 1/2| > L$, where $L$ is a constant. Let $S_i$, where $i \le n$, be the random subsets chosen by the detector. Let $D_1$ and $D_2$ denote the detector values that are output to the attacker. For every $r > 0$, we have $\Pr[\,|D_1 - D_2| \ge r\,] \le e^{-cn}$, with the probability taken over $\Omega$, for some constant $c$, where $\Omega$ is the space of coin flips used by the detector.
     • Consequence: If the attacker changes too few coefficients, the attack will fail with high probability (i.e., values output by the detector change little despite the attacker's arbitrary modifications to coefficients).

  9. Overview
     • Introduction
     • Spread-spectrum methodology
     • Enhancements and analysis
     • Experimental results
     • Conclusion

  10. Watermarking Example
      WM response: enhanced correlation measure
      • No watermark: 3%
      • Watermark: 257%
      • StirMark + low-quality JPEG: 103%
      • StirMark attack: 195%

  11. Results on Typical Images
      • Results of watermark tests on 100 images
      • Each image was watermarked and StirMarked.
      • 19 incorrect watermark keys yield low watermark responses (whether or not watermark enhancement is applied).
      • One proper watermark key yields high watermark responses, generally significantly higher after enhancement.

  12. Black-Box Attack: Brute-Force Chip Estimation
      • Choose X watermark chips to estimate (e.g., X = 3).
      • For each of the $2^X$ possible chip sequences, create an attack image:
        • In DCT domain, set all coefficients to zero, except for ones corresponding to selected chips.
        • Set each chip coefficient to an artificially large value (+ or -) to boost overall correlation.
      • Use the black-box WM correlation detector to compute WM response over each attack image.
      • The attack image with the highest WM response provides estimated chip signs.
      [Figure: test image correlated (*) with attack images 001, 010, ..., 111 ($2^X$ images). Legend: large positive attack chip, large negative attack chip.]

  13. Results of Attack on 10 Test Images
      [Figure panels: A. Plain images; B. Watermarked images; C. Attack images (X = 10 correct coefficients)]
      • A: Overall correlation response (blue) and subset-median response (green) both correctly reveal no WM.
      • B: Overall response and subset response both correctly reveal WM.
      • C: Overall response incorrectly reveals WM on well-guessed attack chips. Subset response correctly reveals no WM, foiling the attack.

  14. Conclusion
      • New methods proposed to enhance the security of spread-spectrum watermarking against cryptanalysis.
      • Ultimate security of spread-spectrum watermarking remains an open problem.
      • Are there practical spread-spectrum methods provably robust against both cryptanalysis and signal-processing attacks?
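
The subset-median detector of slide 7, compared with the overall correlation detector on the three input classes of slide 13, as an added simulation that is not code from the presentation. The chip count, subset size, embedding strength, Gaussian host coefficients, and the use of Python's non-cryptographic `random` in place of a keyed generator are all assumptions.

```python
import random
import statistics

N, K, M = 16384, 256, 51   # chips n, subset size k << n, subset count m (assumed)
ALPHA = 2.0                # embedding strength (assumed)

def make_watermark(key, n=N):
    """+/-1 chips from the secret key. random.Random stands in for a keyed
    cryptographic generator, which a real embedder would need."""
    rng = random.Random(key)
    return [rng.choice((-1, 1)) for _ in range(n)]

def correlate(coeffs, wm, idx):
    """Dot product over idx, scaled so a watermarked image scores about 1."""
    idx = list(idx)
    return sum(coeffs[i] * wm[i] for i in idx) / (len(idx) * ALPHA)

def overall_response(coeffs, wm):
    """Classic detector: one correlation over all n chips."""
    return correlate(coeffs, wm, range(len(wm)))

def subset_median_response(coeffs, wm, coins, m=M, k=K):
    """Slide 7 detector: m random size-k subsets, median of their correlations."""
    ys = [correlate(coeffs, wm, coins.sample(range(len(wm)), k)) for _ in range(m)]
    return statistics.median(ys)

def run_demo(seed=2005):
    """Return {image: (overall, subset_median)} for constructed sample images."""
    env = random.Random(seed)
    wm = make_watermark(key=0xC0FFEE)
    plain = [env.gauss(0.0, 10.0) for _ in range(N)]        # host coefficients
    marked = [c + ALPHA * w for c, w in zip(plain, wm)]     # slide 3 embedding
    attack = [0.0] * N      # slide 12 input: zeros plus X = 10 large chips,
    for i in env.sample(range(N), 10):   # signs taken as correctly guessed
        attack[i] = 5000.0 * wm[i]
    coins = random.Random(seed + 1)      # detector coin flips, seeded for replay
    images = {"plain": plain, "marked": marked, "attack": attack}
    return {name: (overall_response(img, wm), subset_median_response(img, wm, coins))
            for name, img in images.items()}

if __name__ == "__main__":
    for name, (overall, median) in run_demo().items():
        print(f"{name:7s} overall={overall:6.3f} subset-median={median:6.3f}")
```

With these parameters roughly one subset in seven contains any of the ten large chips, so the median stays at zero while the overall correlation exceeds 1; the result depends on keeping k small relative to n.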
