Part II Authentication Techniques


Authentication Codes
Provides means for ensuring integrity of message.
Independent of secrecy - in fact sometimes secrecy may be undesirable!

Techniques for Authentication
Achieved by adding redundancy
  » authenticator, tag, etc., or
  » structure of message
In some sense like Error Correcting Codes.
Private Key - Public Key <=> Authentication - Digital Signature
  » Digital Signatures also provide origin authentication.
Attacks
  » Substitution
  » Impersonation
  » Choice of above

Authenticating Multimedia Content
Proliferation of digital multimedia content and ease with which digital content can be manipulated.
Need for multimedia (image) authentication.
Is the problem any different from traditional authentication?
Some new issues do exist.

One-Way Hash Functions
Examples of hash functions used for digital signatures are:
  » 20-byte secure hash algorithm (SHA-1) that has been standardized for government applications.
  » 16-byte MD2, MD4, or MD5 developed by Rivest.
[Figure: Original Image -> Hashing Function -> Image Hash]
Secure hash function collision properties

Digital Signature Generation
[Figure: Original Image -> Hashing Function -> Image Hash -> Encryption (Private Key) -> Digital Signature]
A digital signature is created in two steps:
  » A fingerprint of the image is created by using a one-way hash function;
  » The hash value is encrypted with the private key of a public-key cryptosystem.
Forging this signature without knowing the private key is computationally infeasible.

Digital Signature Verification
[Figure: verification software. The image being authenticated is passed through the hashing function to give the hash of the image in question; the digital signature is decrypted with the public key to give the hash of the original image; the two hashes are compared (=?), giving Yes or No]

Digital Signature Authentication
[Figure labels: Original, Hash, Private key, Digital Signature, Public key, Forgery, FAIL!]

New Issues
Authentication of "content" instead of specific representation
  » Example - JPEG or GIF image.
Embedding of authenticator within content
  » Survive transcoding
  » Use existing formats
Detect local changes
  » Simple block based authentication could lead to substitution attacks
Temporal relationship of multiple streams

Authentication Using Digital Watermarks
A number of authentication techniques based on digital watermarks have been proposed in the literature.
A digital watermark is a secret-key-dependent signal inserted into digital data which can later be detected/extracted in order to make an assertion about the data.
A digital watermark can be
  » Fragile
  » Robust

Fragile Watermarks

Authentication Watermark by Wong
[Figure: inputs are the user key K, image width M, image height N, image block X_r and a block of the watermark logo. The LSBs of X_r are set to zero to give X̃_r; the hash H(K, M, N, X̃_r) is computed; C_r is inserted into the LSBs of X̃_r to give the output block X'_r]

Limitations of Fragile Watermarks
Essentially same as conventional authentication: authenticate representation and not content.
The differences being
  » Embed authenticator in content instead of tag.
  » Treat data stream as an object to be viewed by a human observer.
  » Computationally efficient?

Content-based Authentication
Number of techniques proposed -
  » Schneider and Chang (1996)
  » Bhattacharjee et al. (1998)
  » Kundur and Hatzinakos (1998)
  » Xie and Arce (1998)
  » Fridrich (1998)
  » Fridrich (1999)
  » And many more in subsequent years

Feature Authentication
[Figure: Image -> Feature Extraction -> Feature Set -> Hash -> Hash Value -> Encrypt (Private Key) -> Authenticator -> Embed in perceptually irrelevant part of image]

Feature Authentication (contd.)
[Figure: Image -> Feature Extraction -> Feature Set -> Hash -> Hash Value; Authenticator -> Decrypt (Public Key) -> Hash of Feature Set of Original; Same? Yes: Authentic. No: Not Authentic]

Visual Hash Generation (Fridrich 99)
Low frequency DCT coefficients of an image cannot be changed without changing the image itself.
Projection onto N random smooth patterns.
[Figure: image block B is projected onto the i-th random vector P_i, generated from the secret key, giving projection D; if D > 0 the i-th hash bit = 1, otherwise the i-th hash bit = 0]

Overview of visual hash based image authentication system
[Figure labels: Input Image, VHF, Encryption, Spread Spectrum Watermark Generator, Watermark Embedder, Marked Image, Key, Key]
We have shown that collisions can be generated for the underlying hash function (RXM 2002).

Performance of Fridrich's Algorithm
Forgery attack: probability of miss P_m. Signal processing attacks: probability of false alarm P_f.
Columns, in order: dB | Substitution | No attack | Smooth | Sharpen | 1% salt-pepper | Histogr. equaliz. | 35 dB AWGN | JPEG 70 | Bit error P_b = 10^-3
38 | 0.6% | 1.1% | 98.9% | 20.0% | 11.4% | 3.1% | 1.1% | 6.7% | 1.9%
41 | 1.0% | 1.6% | 98.3% | 21.0% | 19.5% | 5.5% | 2.5% | 25.8% | 2.5%
And this was the best performance from a large collection of schemes studied by Sankur et al.!!

Limitations of feature authentication
Difficult to identify a set of definitive features.
Set of allowable changes has no meaningful structure: certain small changes may not be allowed but at the same time large changes may be allowed in other situations.
Strong features facilitate forgeries.
Weak features cause too many false alarms.

Difficulties with content authentication of images
Content is difficult to quantify.
Malicious (benign) modifications are difficult to quantify.
Images considered as points in continuous space means there is not a sharp boundary between authentic and inauthentic images.
[Figure: authentic and inauthentic regions; authentic and inauthentic images which are similar to each other]

Distortion Bounded Authentication
Memon et al., 1999.
Problem 1: allow flexibility in authentication to tolerate small changes
Problem 2: to characterize and quantify the set of allowable changes
  » Bound the errors
  » Perceptual distortion or pixel value distortion
Provide guarantees against substitution attacks.
Approach: bounded tolerance authentication
  » (semi-fragile) watermarking techniques offer flexibility but most do not offer bounds

Distortion Bounded Authentication
Quantize image blocks or features prior to computing authenticator.
Quantization also done prior to verifying authenticity of image.
Enables distortion guarantees: image considered authentic as long as change made does not cause quantized version to change.
Can be used in many different ways.

Distortion bounded authentication example.
[Figure labels: Private Key K, Block of watermark Logo, Image width M, Image height N, image block X_r, Quantize X_r block, Set LSBs to zero giving X̃_r, Compute Hash H(K, M, N, X̃_r), P_r, W_r, Encryption, S_r, Insert S_r into LSB of X̃_r]

Limitations
Distortion added to original image.
Similar problems as feature authentication, though to a lesser degree.
Significant changes may indeed be possible within specified set of allowable changes.
How to define set of allowable changes?

A Better Approach?
Chai Wah Wu - 2000
[Figure: the original image surrounded by three regions: surely authentic images, fuzzy region, surely inauthentic images]
Fuzzy region: authenticity of image is uncertain.

A framework of content-based image authentication
Given a source image I, an authentication tag T is generated from I.
Tag T is much smaller than I (data reduction).
I is changed to I' in order to make it authenticatable (authenticability distortion).
T is appended to I' resulting in an authenticatable image (I',T).
[Figure: Source image I -> I'; authentication tag T; authenticatable image (I',T)]

Authentication of (I', T)
T is extracted from (I',T).
A second tag T' is computed from I'.
T and T' are compared. If they compare favorably (R(T,T') is true), image is authentic.
Examples of R(T,T'):
  » d(T,T') < ε
  » T = T'
[Figure: (I',T) is split into I' and authentication tag T; T' is computed from I'; compare T with T': is R(T,T') true?]

Some parameters to optimize
D, the maximum authenticability distortion.
The size of tag T compared to the size of source image I.
Parameters β_a and β_m: given (I',T) generated by system, if x < β_a, then (I'+x,T) is authentic. If x > β_m, then (I'+x,T) is inauthentic.
Size of fuzzy region is determined by β = β_m - β_a.

[Figure: the original image surrounded by surely authentic images (within β_a), the fuzzy region (between β_a and β_m) and surely inauthentic images (beyond β_m)]
Fuzzy region: authenticity of image is uncertain.

Extract features and check for similarity
Tag is generated from some inherent features of image such as the location of edges.
Given (I',T), a second tag T' is calculated from I', and image is authentic if d(T,T') < ε for some metric d.
Therefore similar images should generate similar tags (smoothness).
Authenticability distortion D can be small.

Extract features and check for similarity
Data reduction implies existence of forged images. Given a map f from [0,1]^n to [0,1]^m, n >> m, there exist points x, y such that d(x,y) is close to 1, but d(f(x),f(y)) is arbitrarily small.
Smoothness in generating the tags indicates a lack of diffusion and can lead to methods to forge images, e.g. edges do not contain color information.
In cryptography, preimage resistant functions generally avoid such smoothness.
β_a and β_m difficult to determine.

Generate hash and check for equality
Authenticability distortion is applied to source image I to generate I'.
Tag T is generated from I' by a cryptographic hash/digital signature scheme.
To authenticate (I',T), generate T' from I', and image is authentic if T = T'.

Generate hash and check for equality
Inherit security from cryptographic hash and digital signatures.
One can prove that D ≥ β_a. Thus authenticability distortion is at least as large as the benign distortion that can be tolerated.
In Memon et al., D = β_a.
But some applications require D = 0 or D < β_a.

Hash-based image authentication with no authenticability distortion
Robustness to minor modifications using quantization functions.
Utilize multiple quantization functions.
Each point is quantized by a quantization function whose quantization boundaries are away from the point.
The choice of quantization function is stored in an index vector.
Quantized value is used to generate tag.

Hash-based image authentication with no authenticability distortion
[Figure: quantization functions q0 and q1]
Choice of q is stored in one bit of index vector.
With the proper q, small changes will not affect the quantized value and the tag.

Generate authenticatable image
Select appropriate quantization functions for each data point.
Store choice of quantization functions in index vector.
Quantize data point with chosen quantization function.
Sign quantized data + index vector.
Append lossless compressed index vector to signature and form tag.

Authentication of images
Extract index vector and signature from tag.
Choose quantization functions according to index vector.
Quantize data point with chosen quantization function.
Verify signature against quantized data + index vector.
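The generation and authentication steps above, written out as an added Python example (not code from the slides or from the system they describe); it also shows the quantize-before-authenticating idea of distortion bounded authentication without modifying the data. It assumes a step size of 16, two quantizers offset by half a step, and HMAC-SHA256 standing in for the digital signature; all function names and sample values are constructed for illustration.

```python
import hashlib
import hmac
import zlib

STEP = 16  # quantization step; an assumed value for this sketch


def quantize(x, bit):
    """q0 (bit 0) has cell boundaries at multiples of STEP; q1 (bit 1) is shifted by STEP/2."""
    return (x + (STEP // 2 if bit else 0)) // STEP


def choose_quantizer(x):
    """Return the index bit of the quantizer whose nearest boundary is farther from x."""
    r = x % STEP
    dist_q0 = min(r, STEP - r)      # distance to the nearest q0 boundary
    dist_q1 = abs(r - STEP // 2)    # distance to the nearest q1 boundary
    return 0 if dist_q0 >= dist_q1 else 1


def _sign(key, quantized, index):
    # HMAC-SHA256 stands in for the digital signature. It covers the quantized
    # data AND the index vector, so the quantizer choices cannot be altered.
    msg = b"".join(q.to_bytes(2, "big", signed=True) for q in quantized)
    return hmac.new(key, msg + bytes(index), hashlib.sha256).digest()


def make_tag(key, samples):
    """Tag = signature || compressed index vector. The samples are not modified (D = 0)."""
    index = [choose_quantizer(x) for x in samples]
    quantized = [quantize(x, b) for x, b in zip(samples, index)]
    return _sign(key, quantized, index) + zlib.compress(bytes(index))


def verify(key, samples, tag):
    """Re-quantize with the stored quantizer choices and check the signature."""
    try:
        index = list(zlib.decompress(tag[32:]))
    except zlib.error:
        return False
    if len(index) != len(samples) or any(b > 1 for b in index):
        return False
    quantized = [quantize(x, b) for x, b in zip(samples, index)]
    return hmac.compare_digest(tag[:32], _sign(key, quantized, index))


# Constructed sample data: 16 grey levels standing in for image data points.
KEY = b"constructed-demo-key"
SAMPLES = [52, 55, 61, 66, 70, 61, 64, 73, 63, 59, 55, 90, 109, 85, 69, 72]
TAG = make_tag(KEY, SAMPLES)

if __name__ == "__main__":
    brighter = [x + 3 for x in SAMPLES]          # small change on every sample
    forged = SAMPLES[:5] + [200] + SAMPLES[6:]   # large change on one sample
    print("original :", verify(KEY, SAMPLES, TAG))
    print("brighter :", verify(KEY, brighter, TAG))
    print("forged   :", verify(KEY, forged, TAG))
```

With this step size a change of at most 3 per sample is always accepted and a change of 13 or more on any sample is always rejected; changes in between fall in the fuzzy region.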

Example
Lena RGB image in TIFF LZW format: 646KB.
Authentication tag (index vector + signature): 5.6KB.
Authenticability distortion D = 0.
After JPEG compression: image is authentic.
After minor brightening of image: image is authentic.
Extra strands added to hat area: image is inauthentic.

Features of the scheme
Inherit security from cryptographic hash and digital signatures.
Finding forged images which are β_m away from the original is at least as hard as breaking the underlying digital signature scheme.
D can be smaller than β_a.
β_a and β_m can be explicitly determined.
Tradeoff D against size of authentication tag T.
Tradeoff D against β_a and β.

Flowchart of procedure to generate authenticatable data
[Flowchart; box labels: Source data, Apply authenticability distortion, Feature vector generation, Choose quantization functions and generate index vector, Lossless compression of index vector, Feature vector quantization, Append index vector to quantized feature vector, Digital signature generation, Tag generation, Append/insert tag into I', Authenticatable data; signal labels: I, I', V, X, W, S, T, I_a]

Flowchart of Authentication Procedure
[Flowchart; box labels: Extract authentication tag, Extract signature from tag, Extract compressed index vector from tag, Decompression, Generation of feature vector, Quantization of feature vector V according to X, Append X to quantized feature vector, Signature verification (success: data is authentic; failure: data is not authentic); signal labels: I_a, T, S, V, X, W]

Key Management
In watermarking applications, especially authentication, it is convenient to
  » Use same key for watermarking different images or
  » Use same key to insert different watermarks in different images.
We have shown on multiple occasions that above can be insecure, depending on watermarking technique and watermark inserted.

Image Dependent Key
Attacks are possible only because the same key is used for seeding the pseudo-random sequence for each image.
Can be avoided if we use different keys for different images.
This can lead to a key management problem.
We have proposed two solutions
  » Image dependent key - Derive key from bits extracted from image itself.
  » Unique salt for each image - Salt used to derive master secret. Salt stored in the clear.
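The two solutions above as an added Python example (not code from the slides). It assumes the per-image key is an HMAC of a long-term secret over either the image's upper seven bits per pixel or a random salt, that SHAKE-256 expands the key into the pseudo-random sequence, and a toy LSB embedder; all names and pixel values are constructed for illustration.

```python
import hashlib
import hmac
import os

MASTER = b"constructed-master-secret"  # placeholder; never hard-code real keys


def image_dependent_key(master, pixels):
    """Derive the key from the upper 7 bits of each 8-bit pixel, which LSB embedding leaves intact."""
    stable = bytes(p >> 1 for p in pixels)
    return hmac.new(master, b"image" + stable, hashlib.sha256).digest()


def salted_key(master, salt):
    """Derive the key from a per-image random salt that is stored in the clear."""
    return hmac.new(master, b"salt" + salt, hashlib.sha256).digest()


def pn_sequence(key, n):
    """Expand a key into n pseudo-random +1/-1 chips (SHAKE-256 as the generator)."""
    stream = hashlib.shake_256(key).digest((n + 7) // 8)
    return [1 if (stream[i // 8] >> (i % 8)) & 1 else -1 for i in range(n)]


def embed_lsb(pixels, chips):
    """Toy embedder: write each chip into the pixel's least significant bit."""
    return [(p & ~1) | int(c > 0) for p, c in zip(pixels, chips)]


# Constructed 8-bit grey levels standing in for two different images.
IMAGE_A = [52, 55, 61, 66, 70, 61, 64, 73, 63, 59, 55, 90, 109, 85, 69, 72]
IMAGE_B = [12, 200, 33, 47, 150, 151, 90, 18, 240, 7, 66, 101, 29, 175, 80, 54]

if __name__ == "__main__":
    # Image-dependent keys give each image its own sequence.
    key_a = image_dependent_key(MASTER, IMAGE_A)
    key_b = image_dependent_key(MASTER, IMAGE_B)
    print("sequences differ:", pn_sequence(key_a, 128) != pn_sequence(key_b, 128))
    # The verifier recomputes the key from the marked image: only LSBs changed.
    marked_a = embed_lsb(IMAGE_A, pn_sequence(key_a, len(IMAGE_A)))
    print("key recoverable :", image_dependent_key(MASTER, marked_a) == key_a)
    # Salted keys: the salt travels with the image, the master stays secret.
    salt = os.urandom(16)
    print("salted key bytes:", len(salted_key(MASTER, salt)))
```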

Summary and Conclusions
Multimedia content poses some new challenges for design of authentication techniques.
We need a formal framework similar to conventional authentication.
Bounded tolerance, trading off flexibility and quantifiable errors (comfort zone), is a good approach.
Many schemes become vulnerable with same key used to mark multiple objects.
Image dependent keys or salting offer good mechanisms to prevent such attacks.