Outline n n Digital Watermarking SemiFragile Watermarking Steganography

  • Slides: 52
Download presentation

Outline n n Digital Watermarking Semi-Fragile Watermarking Steganography Media Hashing 2

Outline n n Digital Watermarking Semi-Fragile Watermarking Steganography Media Hashing 2

Why IPR Protection? Analog Media Digital Media Original ¼ Copy 1 ¼ Copy N

Why IPR Protection? Analog Media Digital Media Original ¼ Copy 1 ¼ Copy N Original = Copy 1 = Copy N = 3

Traditional Protection Method: Encryption n n Protect confidentially Protection vanishes after decryption Original Data

Traditional Protection Method: Encryption n n Protect confidentially Protection vanishes after decryption Original Data Encrypt Secret Key Encrypted Data Decrypt Unprotected Data Secret Key 4

New Protection Technologies: Watermarking and Hashing n Digital Watermarking (Data Hiding) n n n

New Protection Technologies: Watermarking and Hashing n Digital Watermarking (Data Hiding) n n n Content has to be modified (a data hiding technique) Contents to be protected must be watermarked Measures “originality” Stand-along Media Hashing (Fingerprinting) n n Content is not modified (a non-hiding technique) Can track the usage of contents already available in the public domain Measure “similarity” Connection to database required 5

Applications n Data Hiding n Copyright Protection n n Traitor Tracing n n Semi-Fragile

Applications n Data Hiding n Copyright Protection n n Traitor Tracing n n Semi-Fragile Watermarking Secret Communication n n Digital Fingerprinting Content Authentication n n Robust Watermarking Steganography Non-Hiding n Illegal Copy Detection/Searching n Media Hashing 6

Types of Digital Watermarking n Visible Watermarking n Invisible Watermarking 7

Types of Digital Watermarking n Visible Watermarking n Invisible Watermarking 7

Data Correction (denoising) 8

Data Correction (denoising) 8

Terminology n Cover (original, host) data n n Image, video, audio, 3 D object,

Terminology n Cover (original, host) data n n Image, video, audio, 3 D object, graphics, … Stego (watermarked) data Suspect (attacked/stego/unmarked) data Watermark n Hidden signal/message/logo 9

Transparency n n Both cover data and stego data should be perceptually indistinguishable Techniques

Transparency n n Both cover data and stego data should be perceptually indistinguishable Techniques n n Heuristic-determined weighted (low-amplitude modifications) Human Visual System (HVS) n DCT-based (vision. arc. nasa. gov/personnel/al/ahumada. html) n n Wavelet-based (Watson et al. ’ 97) n n Image dependent Image independent Noise Visibility Function (NVF) (Voloshynovskiy et al. ‘ 99) 10

Wavelet-based HVS Watson et al. , IEEE Trans. Image Proc, ’ 97 11. 36

Wavelet-based HVS Watson et al. , IEEE Trans. Image Proc, ’ 97 11. 36 12. 71 14. 68 12. 71 19. 54 14. 69 LH 23. 03 28. 41 HL 23. 03 HH 58. 76 11

Noise Visibility Function (NVF) n n Voloshynovskiy et al. ’ 99 NVF is defined

Noise Visibility Function (NVF) n n Voloshynovskiy et al. ’ 99 NVF is defined as complex 0 smooth NVF 1 12

Robustness n n Def. – The ability to resist against attacks Attacks are only

Robustness n n Def. – The ability to resist against attacks Attacks are only considered useful if the hidden watermark could be removed or undetectable before the quality of data has been destroyed 13

Watermark Attacks Watermarking Attacks Removal Attack Denoising Lossy compression Quantization Remodulation Collusion Averaging Geometrical

Watermark Attacks Watermarking Attacks Removal Attack Denoising Lossy compression Quantization Remodulation Collusion Averaging Geometrical Attack Global, local warping Global, local transforms Jittering Cryptographic Attack Brute force key search Oracle Protocol Attack Watermark inversion Copy attack Voloshynovskiy et al. “attacks modeling: towards a second generation watermarking benchmark, ” Signal Processing, 2001 Kutter and Petitcolas, “A fair benchmark for image watermarking systems, ” Proc. SPIE 99 14

Dispute Attack: Single Watermarked Image Counterfeit Original (Craver et al. ‘ 98) Faked Original

Dispute Attack: Single Watermarked Image Counterfeit Original (Craver et al. ‘ 98) Faked Original + Original watermark stego - Faked Watermark 15

Dispute Attack: Twin Watermarking Image Counterfeit Original (TWICO) (Craver et al. ’ 98) Original

Dispute Attack: Twin Watermarking Image Counterfeit Original (TWICO) (Craver et al. ’ 98) Original Stego 1 + Original watermark Fake Original ¼ + Stego 2 Faked Watermark 16

Copy Attack (Kutter et al. ‘ 00) Watermarked image Watermark extraction Counterfeit Watermarked image

Copy Attack (Kutter et al. ‘ 00) Watermarked image Watermark extraction Counterfeit Watermarked image Watermark insertion 17

Self-Reference Watermark (Kutter ‘ 98) 18

Self-Reference Watermark (Kutter ‘ 98) 18

Capacity n Payload of watermarks n One-bit information n Indicates whether of not the

Capacity n Payload of watermarks n One-bit information n Indicates whether of not the image contains a specified watermark Suitable for tamper proofing application Multiple-bit information n n Useful information such as an identification number, copyright statement, etc. can be hidden At least 64 -bit payload is required 19

Detection (Decryption) n Only a trusted third party n n Use different parameters (private/public

Detection (Decryption) n Only a trusted third party n n Use different parameters (private/public key) n n n Secret keys won’t be exposed The knowledge of detection algorithm and public key should not be the clue At present, both robustness and security are still insufficient in the public watermarking paradigm Blind vs. Non-blind 20

Performance Evaluation n False positive n n Actually no, but the algorithm returned yes

Performance Evaluation n False positive n n Actually no, but the algorithm returned yes False negative n Actually yes, but the algorithm returned no 21

ROC (Receiver Operating Characteristic) Curves X-軸是 1 -Specificity = 1 - TN/(TN+FP) = FP/(TN+FP)

ROC (Receiver Operating Characteristic) Curves X-軸是 1 -Specificity = 1 - TN/(TN+FP) = FP/(TN+FP) 也就是 False Positive Rate Y-軸是 Sensitivity = TP/(TP+FN) 也就是 True Positive Rate 22

Digital Watermarking Products n n Giovanni (blue. Spike, www. bluespike. com) Sys. Cop (Media.

Digital Watermarking Products n n Giovanni (blue. Spike, www. bluespike. com) Sys. Cop (Media. Sec Technologies, www. mediasec. com) Digimark Watermarking Solutions, (Digimarc, www. digimarc. com) Audio. Mark, Video. Mark (Alpha-Tec Ltd, www. alphatecltd. com) 25

Watermarking Resources n Digital Watermarking World – papers, images, softwares, … n n http:

Watermarking Resources n Digital Watermarking World – papers, images, softwares, … n n http: //www. watermarkingworld. org Watermarking mailing list n n http: //www. watermarkingworld. org/ml. html Watermarking conferences n n IHW (Information Hiding Workshop) ACM Multimedia and Security Workshop SPIE: Conference on Security, Watermarking, and Steganography of Multimedia Contents IEEE: ICIP, ICME, MMSP, ICASSP, ISCAS, etc. 26

Semi-Fragile Watermarking For Content Authentication and Error Recovery

Semi-Fragile Watermarking For Content Authentication and Error Recovery

Seen is believing? 28

Seen is believing? 28

Authentication Capability n Global/Local Authentication n Global detection n n Local detection n n

Authentication Capability n Global/Local Authentication n Global detection n n Local detection n n Even one bit error will lead to global incredibility Can locate where the content has been tampered with Fragility/Robustness n Totally fragile n All manipulations are regarded as malicious tampering n n Need both fragile and robust abilities n n Permit incidental modifications Lossless embedding n n Military and medical images Error recovery 29

Authentication Attacks n Content-changing (malicious) modifications n n -Object detection/replacement, object swapping Content-preserving (incidental)

Authentication Attacks n Content-changing (malicious) modifications n n -Object detection/replacement, object swapping Content-preserving (incidental) modifications n Compression, filtering 30

Semi-Fragile Watermarking Requirements n Robustness n n Fragility n n Resist incidental manipulations (content-preserving

Semi-Fragile Watermarking Requirements n Robustness n n Fragility n n Resist incidental manipulations (content-preserving processing) Locate malicious tampering (content-changing processing) Other general watermarking requirements 31

Kundur and Hatzinakos’s Method (Proc. IEEE’ 99): Embedding Process 1 0 0 1 1

Kundur and Hatzinakos’s Method (Proc. IEEE’ 99): Embedding Process 1 0 0 1 1 0 1 0 Multimedia signal DHWT Quantization Marked Signal IDHWT Watermark Selection key Value of ∆ 32

Multipurpose Watermarking n Mintzer and Braudaway (ICASSP’ 99) n n Lu and Liao (IEEE

Multipurpose Watermarking n Mintzer and Braudaway (ICASSP’ 99) n n Lu and Liao (IEEE IP’ 00) n n Conception about how different watermarks for different purposes are embedded Non-blind detection Deguillaume et al. (Signal Processing’ 03) n n Joining a robust watermark and a fragile watermark Copyright protection is achieved by embedding multiple redundant watermarks to resist geometric distortions n n The embedded block-based watermarks are easily removed by the collusion attack (Lu and Hsu, 2003) Lu and Hsu (ICME’ 04) n Single block-based content-dependent watermark for both purposes 33

Semi-Fragile Watermarking for Error Detection and Concealment n Transmission of digital contents in noise

Semi-Fragile Watermarking for Error Detection and Concealment n Transmission of digital contents in noise -prone environments suffers from packet loss or bust error 34

Data hiding-based Error Resilience n Error detection (Authentication) n n Fragile watermark is inserted

Data hiding-based Error Resilience n Error detection (Authentication) n n Fragile watermark is inserted to reflect errors Error concealment (self-embedding) n Recovery information generated from the original data should be embedded n n n Advantage n n How many recovery bits (capacity)? Robust against modifications (robustness) Watermarked bit stream remains standard compliant Weakness n Trade-off between intrusiveness and correction capacity 35

Semi-Fragile Watermarking Conclusions n n n Design a method to detect malicious tampering is

Semi-Fragile Watermarking Conclusions n n n Design a method to detect malicious tampering is trivial Resistance to incidental modifications is a major issue Security is challenging n n Collage (Replacement) Attack Collusion and Copy Attacks 36

Steganography For Secret Communications

Steganography For Secret Communications

Steganography n Covert communication: n n Transmission of a secret message hidden within an

Steganography n Covert communication: n n Transmission of a secret message hidden within an ordinary carrier without reveal its existence Requirements n n n Security (statistical undetectibility) Capacity Robustness (optional) 38

Earlier Steganography n Apparently neutral’s protest is thoroughtly discounted and ignored. Isman hard hit.

Earlier Steganography n Apparently neutral’s protest is thoroughtly discounted and ignored. Isman hard hit. Blockade issue affects pretext for embargo on by products. Ejecting suets and vegetable oils. … Taking the second letter in each word Pershing sails from NY June 1. 39

Steganography vs. Watermarking Property Watermarking Steganography Modulation Substantial Little~moderate Imperceptibility Perceptual Statistical Robustness High

Steganography vs. Watermarking Property Watermarking Steganography Modulation Substantial Little~moderate Imperceptibility Perceptual Statistical Robustness High Data importance Carrier/message Depend on warden’s capacity Message Selection of Carrier Cannot be selected Can be selected Adversary Active Passive/active 40

Types of Warden n Passive n n Can only snoop channel Active n Can

Types of Warden n Passive n n Can only snoop channel Active n Can subtly manipulate channel n n n Format converting Palette changing Lossy compressing Compression quality changing Low-pass filtering Scaling 41

Steganography Techniques n n Spatial domain techniques n Least Significant Bit (LSB) n Palette-based

Steganography Techniques n n Spatial domain techniques n Least Significant Bit (LSB) n Palette-based embedding n Spread spectrum Frequency domain techniques n n Quantized embedding (embedding in JPEG image) Direct embedding 42

Steganography Conclusions n n Secret communication is everywhere around us today Steganography is still

Steganography Conclusions n n Secret communication is everywhere around us today Steganography is still at an early stage of research Steganography robust against active warden Notion of security and capacity for Steganography needs to be investigated 43

Media Hashing (Digital Fingerprinting) For Traitor Tracing

Media Hashing (Digital Fingerprinting) For Traitor Tracing

Architecture for Robust Identification of Media Content Track 1 Fingerprint Generator Track 11 Track

Architecture for Robust Identification of Media Content Track 1 Fingerprint Generator Track 11 Track Meta data Test Track Database Fingerprint Generator Compare If match Return Track ID Confidence 45

Perceptual Hashing n The fragility of cryptography hashing is too restricted n n Media

Perceptual Hashing n The fragility of cryptography hashing is too restricted n n Media data permits acceptable distortions Media hashing needs n n Robustness (error-resilience) Collision-free Fast searching (complexity) Scalability 46

Robust Signal Hashing Problem Hash(Baboon) = XXX… Hash(Lena) = YYY… Should be very different

Robust Signal Hashing Problem Hash(Baboon) = XXX… Hash(Lena) = YYY… Should be very different Hash(Lena 2) = ZZZ… Should be sufficiently similar 47

Robust Mesh-based Hashing for Copy Detection and Tracing of Images Chun-Shien Lu, Chao-Yong Hsu,

Robust Mesh-based Hashing for Copy Detection and Tracing of Images Chun-Shien Lu, Chao-Yong Hsu, Shih-Wei Sun, and Pao-Chi Chang Proc. IEEE Int. Conf. on Multimedia and Expo: special session on Media Identification, Taipei, Taiwan, 2004 Reporter: Jen-Bang Feng

The Proposed Method Original image DWT Lowest-frequency component Mesh normalization Harris detector Mesh generation

The Proposed Method Original image DWT Lowest-frequency component Mesh normalization Harris detector Mesh generation Delaunay tesslation Normalized meshes Mesh-based Hash extraction Hash sequence 49

The Proposed Method 50

The Proposed Method 50

Mesh Normalization C’ C A Mk Mknorm B A’ B’ 51

Mesh Normalization C’ C A Mk Mknorm B A’ B’ 51

Mesh-Based Hashing 4 x 4 DCT Total 64 blocks 32 64 bits per mesh,

Mesh-Based Hashing 4 x 4 DCT Total 64 blocks 32 64 bits per mesh, half 1’s and half 0’s 32 52