Contribution to the construction of fingerprinting and watermarking schemes to protect mobile agents and multimedia content

The main characteristic of fingerprinting codes is the need of high error-correction capacity due to the fact that they are designed to avoid collusion attacks which will damage many symbols from the codewords. Moreover, the use of fingerprinting schemes depends on the watermarking system that is used to embed the codeword into the content and how it honors the marking assumption. In this sense, even though fingerprinting codes were mainly used to protect multimedia content, using them on software protection systems seems an option to be considered. This thesis, studies how to use codes which have iterative-decoding algorithms, mainly turbo-codes, to solve the fingerprinting problem. Initially, it studies the effectiveness of current approaches based on concatenating tradicioanal fingerprinting schemes with convolutional codes and turbo-codes. It is shown that these kind of constructions ends up generating a high number of false positives. Even though this thesis contains some proposals to improve these schemes, the direct use of turbo-codes without using any concatenation with a fingerprinting code as inner code has also been considered. It is shown that the performance of turbo-codes using the appropiate constituent codes is a valid alternative for environments with hundreds of users and 2 or 3 traitors. As constituent codes, we have chosen low-rate convolutional codes with maximum free distance. As for how to use fingerprinting codes with watermarking schemes, we have studied the option of using watermarking systems based on informed coding and informed embedding. It has been discovered that, due to different encodings available for the same symbol, its applicability to embed fingerprints is very limited. On this sense, some modifications to these systems have been proposed in order to properly adapt them to fingerprinting applications. Moreover the behavior and impact over a video produced as a collusion of 2 users by the YouTube’s s ervice has been s tudied. We have also studied the optimal parameters for viable tracking of users who have used YouTube and conspired to redistribute copies generated by a collusion attack. Finally, we have studied how to implement fingerprinting schemes and software watermarking to fix the problem of malicious hosts on mobile agents platforms. In this regard, four different alternatives have been proposed to protect the agent depending on whether you want only detect the attack or avoid it in real time. Two of these proposals are focused on the protection of intrusion detection systems based on mobile agents. Moreover, each of these solutions has several implications in terms of infrastructure and complexity.Els codis fingerprinting es caracteritzen per proveir una alta capacitat correctora ja que han de fer front a atacs de confabulació que malmetran una part important dels símbols de la paraula codi. D'atra banda, la utilització de codis de fingerprinting en entorns reals està subjecta a que l'esquema de watermarking que gestiona la incrustació sigui respectuosa amb la marking assumption. De la mateixa manera, tot i que el fingerprinting neix de la protecció de contingut multimèdia, utilitzar-lo en la protecció de software comença a ser una aplicació a avaluar. En aquesta tesi s'ha estudiat com aplicar codis amb des codificació iterativa, concretament turbo-codis, al problema del rastreig de traïdors en el context del fingerprinting digital. Inicialment s'ha qüestionat l'eficàcia dels enfocaments actuals en la utilització de codis convolucionals i turbo-codis que plantegen concatenacions amb esquemes habituals de fingerprinting. S'ha demostrat que aquest tipus de concatenacions portaven, de forma implícita, a una elevada probabilitat d'inculpar un usuari innocent. Tot i que s'han proposat algunes millores sobre aquests esquemes , finalment s'ha plantejat l'ús de turbocodis directament, evitant així la concatenació amb altres esquemes de fingerprinting. S'ha demostrat que, si s'utilitzen els codis constituents apropiats, el rendiment del turbo-descodificador és suficient per a ser una alternativa aplicable en entorns amb varis centenars d'usuaris i 2 o 3 confabuladors . Com a codis constituents s'ha optat pels codis convolucionals de baix ràtio amb distància lliure màxima. Pel que fa a com utilitzar els codis de fingerprinting amb esquemes de watermarking, s'ha estudiat l'opció d'utilitzar sistemes de watermarking basats en la codificació i la incrustació informada. S'ha comprovat que, degut a la múltiple codificació del mateix símbol, la seva aplicabilitat per incrustar fingerprints és molt limitada. En aquest sentit s'ha plantejat algunes modificacions d'aquests sistemes per tal d'adaptar-los correctament a aplicacions de fingerprinting. D'altra banda s'ha avaluat el comportament i l'impacte que el servei de YouTube produeix sobre un vídeo amb un fingerprint incrustat. A més , s'ha estudiat els paràmetres òptims per a fer viable el rastreig d'usuaris que han confabulat i han utilitzat YouTube per a redistribuir la copia fruït de la seva confabulació. Finalment, s'ha estudiat com aplicar els esquemes de fingerprinting i watermarking de software per solucionar el problema de l'amfitrió maliciós en agents mòbils . En aquest sentit s'han proposat quatre alternatives diferents per a protegir l'agent en funció de si és vol només detectar l'atac o evitar-lo en temps real. Dues d'aquestes propostes es centren en la protecció de sistemes de detecció d'intrusions basats en agents mòbils. Cadascuna de les solucions té diverses implicacions a nivell d'infrastructura i de complexitat.Postprint (published version

A forensics software toolkit for DNA steganalysis.

Recent advances in genetic engineering have allowed the insertion of artificial DNA strands into the living cells of organisms. Several methods have been developed to insert information into a DNA sequence for the purpose of data storage, watermarking, or communication of secret messages. The ability to detect, extract, and decode messages from DNA is important for forensic data collection and for data security. We have developed a software toolkit that is able to detect the presence of a hidden message within a DNA sequence, extract that message, and then decode it. The toolkit is able to detect, extract, and decode messages that have been encoded with a variety of different coding schemes. The goal of this project is to enable our software toolkit to determine with which coding scheme a message has been encoded in DNA and then to decode it. The software package is able to decode messages that have been encoded with every variation of most of the coding schemes described in this document. The software toolkit has two different options for decoding that can be selected by the user. The first is a frequency analysis approach that is very commonly used in cryptanalysis. This approach is very fast, but is unable to decode messages shorter than 200 words accurately. The second option is using a Genetic Algorithm (GA) in combination with a Wisdom of Artificial Crowds (WoAC) technique. This approach is very time consuming, but can decode shorter messages with much higher accuracy

Unbiased Watermark for Large Language Models

The recent advancements in large language models (LLMs) have sparked a growing apprehension regarding the potential misuse. One approach to mitigating this risk is to incorporate watermarking techniques into LLMs, allowing for the tracking and attribution of model outputs. This study examines a crucial aspect of watermarking: how significantly watermarks impact the quality of model-generated outputs. Previous studies have suggested a trade-off between watermark strength and output quality. However, our research demonstrates that it is possible to integrate watermarks without affecting the output probability distribution with appropriate implementation. We refer to this type of watermark as an unbiased watermark. This has significant implications for the use of LLMs, as it becomes impossible for users to discern whether a service provider has incorporated watermarks or not. Furthermore, the presence of watermarks does not compromise the performance of the model in downstream tasks, ensuring that the overall utility of the language model is preserved. Our findings contribute to the ongoing discussion around responsible AI development, suggesting that unbiased watermarks can serve as an effective means of tracking and attributing model outputs without sacrificing output quality

Data hiding in images based on fractal modulation and diversity combining

The current work provides a new data-embedding infrastructure based on fractal modulation. The embedding problem is tackled from a communications point of view. The data to be embedded becomes the signal to be transmitted through a watermark channel. The channel could be the image itself or some manipulation of the image. The image self noise and noise due to attacks are the two sources of noise in this paradigm. At the receiver, the image self noise has to be suppressed, while noise due to the attacks may sometimes be predicted and inverted. The concepts of fractal modulation and deterministic self-similar signals are extended to 2-dimensional images. These novel techniques are used to build a deterministic bi-homogenous watermark signal that embodies the binary data to be embedded. The binary data to be embedded, is repeated and scaled with different amplitudes at each level and is used as the wavelet decomposition pyramid. The binary data is appended with special marking data, which is used during demodulation, to identify and correct unreliable or distorted blocks of wavelet coefficients. This specially constructed pyramid is inverted using the inverse discrete wavelet transform to obtain the self-similar watermark signal. In the data embedding stage, the well-established linear additive technique is used to add the watermark signal to the cover image, to generate the watermarked (stego) image. Data extraction from a potential stego image is done using diversity combining. Neither the original image nor the original binary sequence (or watermark signal) is required during the extraction. A prediction of the original image is obtained using a cross-shaped window and is used to suppress the image self noise in the potential stego image. The resulting signal is then decomposed using the discrete wavelet transform. The number of levels and the wavelet used are the same as those used in the watermark signal generation stage. A thresholding process similar to wavelet de-noising is used to identify whether a particular coefficient is reliable or not. A decision is made as to whether a block is reliable or not based on the marking data present in each block and sometimes corrections are applied to the blocks. Finally the selected blocks are combined based on the diversity combining strategy to extract the embedded binary data

Robust image steganography method suited for prining = Robustna steganografska metoda prilagođena procesu tiska

U ovoj doktorskoj dizertaciji prezentirana je robustna steganografska metoda razvijena i prilagođena za tisak. Osnovni cilj metode je pružanje zaštite od krivotvorenja ambalaže. Zaštita ambalaže postiže se umetanjem više bitova informacije u sliku pri enkoderu, a potom maskiranjem informacije kako bi ona bila nevidljiva ljudskom oku. Informacija se pri dekoderu detektira pomoću infracrvene kamere. Preliminarna istraživanja pokazala su da u relevantnoj literaturi nedostaje metoda razvijenih za domenu tiska. Razlog za takav nedostatak jest činjenica da razvijanje steganografskih metoda za tisak zahtjeva veću količinu resursa i materijala, u odnosu na razvijanje sličnih domena za digitalnu domenu. Također, metode za tisak često zahtijevaju višu razinu kompleksnosti, budući da se tijekom reprodukcije pojavljuju razni oblici procesiranja koji mogu kompromitirati informaciju u slici [1]. Da bi se sačuvala skrivena informacija, metoda mora biti otporna na procesiranje koje se događa tijekom reprodukcije. Kako bi se postigla visoka razina otpornosti, informacija se može umetnuti unutar frekvencijske domene slike [2], [3]. Frekvencijskoj domeni slike možemo pristupiti pomoću matematičkih transformacija. Najčešće se koriste diskretna kosinusna transformacija (DCT), diskretna wavelet transformacija (DWT) i diskretna Fourierova transformacija (DFT) [2], [4]. Korištenje svake od navedenih transformacija ima određene prednosti i nedostatke, ovisno o kontekstu razvijanja metode [5]. Za metode prilagođene procesu tiska, diskretna Fourierova transformacija je optimalan odabir, budući da metode bazirane na DFT-u pružaju otpornost na geometrijske transformacije koje se događaju tijekom reprodukcije [5], [6]. U ovom istraživanju korištene su slike u cmyk prostoru boja. Svaka slika najprije je podijeljena u blokove, a umetanje informacije vrši se za svaki blok pojedinačno. Pomoću DFT-a, ???? kanal slikovnog bloka se transformira u frekvencijsku domenu, gdje se vrši umetanje informacije. Akromatska zamjena koristi se za maskiranje vidljivih artefakata nastalih prilikom umetanja informacije. Primjeri uspješnog korištenja akromatske zamjene za maskiranje artefakata mogu se pronaći u [7] i [8]. Nakon umetanja informacije u svaki slikovni blok, blokovi se ponovno spajaju u jednu, jedinstvenu sliku. Akromatska zamjena tada mijenja vrijednosti c, m i y kanala slike, dok kanal k, u kojemu se nalazi umetnuta informacija, ostaje nepromijenjen. Time nakon maskiranja akromatskom zamjenom označena slika posjeduje ista vizualna svojstva kao i slika prije označavanja. U eksperimentalnom dijelu rada koristi se 1000 slika u cmyk prostoru boja. U digitalnom okruženju provedeno je istraživanje otpornosti metode na slikovne napade specifične za reprodukcijski proces - skaliranje, blur, šum, rotaciju i kompresiju. Također, provedeno je istraživanje otpornosti metode na reprodukcijski proces, koristeći tiskane uzorke. Objektivna metrika bit error rate (BER) korištena je za evaluaciju. Mogućnost optimizacije metode testirala se procesiranjem slike (unsharp filter) i korištenjem error correction kodova (ECC). Provedeno je istraživanje kvalitete slike nakon umetanja informacije. Za evaluaciju su korištene objektivne metrike peak signal to noise ratio (PSNR) i structural similarity index measure (SSIM). PSNR i SSIM su tzv. full-reference metrike. Drugim riječima, potrebne su i neoznačena i označena slika istovremeno, kako bi se mogla utvrditi razina sličnosti između slika [9], [10]. Subjektivna analiza provedena je na 36 ispitanika, koristeći ukupno 144 uzorka slika. Ispitanici su ocijenjivali vidljivost artefakata na skali od nula (nevidljivo) do tri (vrlo vidljivo). Rezultati pokazuju da metoda posjeduje visoku razinu otpornosti na reprodukcijski proces. Također, metoda se uistinu optimizirala korištenjem unsharp filtera i ECC-a. Kvaliteta slike ostaje visoka bez obzira na umetanje informacije, što su potvrdili rezultati eksperimenata s objektivnim metrikama i subjektivna analiza

Collusion-resistant fingerprinting for multimedia in a broadcast channel environment

Digital fingerprinting is a method by which a copyright owner can uniquely embed a buyer-dependent, inconspicuous serial number (representing the fingerprint) into every copy of digital data that is legally sold. The buyer of a legal copy is then deterred from distributing further copies, because the unique fingerprint can be used to trace back the origin of the piracy. The major challenge in fingerprinting is collusion, an attack in which a coalition of pirates compare several of their uniquely fingerprinted copies for the purpose of detecting and removing the fingerprints. The objectives of this work are two-fold. First, we investigate the need for robustness against large coalitions of pirates by introducing the concept of a malicious distributor that has been overlooked in prior work. A novel fingerprinting code that has superior codeword length in comparison to existing work under this novel malicious distributor scenario is developed. In addition, ideas presented in the proposed fingerprinting design can easily be applied to existing fingerprinting schemes, making them more robust to collusion attacks. Second, a new framework termed Joint Source Fingerprinting that integrates the processes of watermarking and codebook design is introduced. The need for this new paradigm is motivated by the fact that existing fingerprinting methods result in a perceptually undistorted multimedia after collusion is applied. In contrast, the new paradigm equates the process of collusion amongst a coalition of pirates, to degrading the perceptual characteristics, and hence commercial value of the multimedia in question. Thus by enforcing that the process of collusion diminishes the commercial value of the content, the pirates are deterred from attacking the fingerprints. A fingerprinting algorithm for video as well as an efficient means of broadcasting or distributing fingerprinted video is also presented. Simulation results are provided to verify our theoretical and empirical observations