Watermarking protocol for protecting user\u27s right in content based image retrieval

Content based image retrieval (CBIR) is a technique to search for images relevant to the user&rsquo;s query from an image collection.In last decade, most attention has been paid to improve the retrieval performance. However, there is no significant effort to investigate the security concerning in CBIR. Under the query by example (QBE) paradigm, the user supplies an image as a query and the system returns a set of retrieved results. If the query image includes user&rsquo;s private information, an untrusted server provider of CBIR may distribute it illegally, which leads to the user&rsquo;s right problem. In this paper, we propose an interactive watermarking protocol to address this problem. A watermark is inserted into the query image by the user in encrypted domain without knowing the exact content. The server provider of CBIR will get the watermarked query image and uses it to perform image retrieval. In case where the user finds an unauthorized copy, a watermark in the unauthorized copy will be used as evidence to prove that the user&rsquo;s legal right is infringed by the server provider.<br /

Analysis of a buyer-seller watermarking protocol for trustworthy purchasing of digital contents

In ubiquitous environments where human users get to access diverse kinds of (often multimedia enabled) services irrespective of where they are, the issue of security is a major concern. Security in this setting encompasses both in the interest of the human users as well as their information and objects that they own. A typical kind of transaction interaction among users and/or machines in these environments is that of exchanging digital objects via purchases and/or ownership transfers, e.g. someone buying a song from iTunes via his iPhone, or downloading either bought or rented movies onto a portable DVD player. Here, there is a need to provide trustworthy protection of the rights of both parties; i.e. the seller’s copyright needs to be protected against piracy, while on the other hand it has been highlighted in literature the need to protect innocent buyers from being framed. Indeed, if either party cannot be assured that his rights are protected when he is involved in transactions within such environments, he would shy away and instead prefer for instance the more conventional non-digital means of buying and selling. And therefore without active participation from human users and object owners it is difficult to fully kick off the actual realization of intelligent environments. Zhang et al. recently proposed a buyer–seller watermarking protocol without a trusted third party based on secret sharing. While it is a nice idea to eliminate the need of a trusted third party by distributing secret shares between the buyer and the seller such that neither party has knowledge of the fingerprint embedded in a content, we show that it is possible for a buyer to remove his part of the fingerprint from the content he bought. This directly disproves the piracy tracing property claimed by the protocol. In fact, since piracy tracing is one of the earliest security applications of watermarking schemes, it raises doubts as to the soundness of the design of this protocol

IMG-GUARD: Watermark Based Approach for Image Privacy in OSN Framework

A social networking service (also social networking site, SNS or social media) is an online platform that is used by people to build social networks or social relations with another persons who are share their own details or career interests, activities, backgrounds or real-life connections. Social networking sites are varied and they incorporate a range of new information and various tools such as availability personal computers, mobile devices such as tablet computers and smart phones, digital photo/video/sharing and "web logging" diary entries online (blogging). While Online Social Networks (OSNs) enable users to share photos easily, they also expose users to several privacy threats from both the OSNs and external entities. The current privacy controls on social networks are far from adequate, resulting in inappropriate flows of information when users fail to understand their privacy settings or OSNs fail to implement policies correctly. Social networks may be complicated because of privacy expectations when they reserve the right to analyze uploaded photos using automated watermarking technique. A user who uploads digital data such as image to their home page may wish to share it with only mutual friends, which OSNs partially satisfy with privacy settings. In this paper, we concentrate to solve the privacy violation problem occurred when images are published on the online social networks without the permission. According to such images are always shared after uploading process. Therefore, the digital image watermarking based on DWT co-efficient. Watermark bits are embedded in uploaded images. Watermarked images are shared in user homages can be difficult to misuse by other persons

Data Hiding and Its Applications

Data hiding techniques have been widely used to provide copyright protection, data integrity, covert communication, non-repudiation, and authentication, among other applications. In the context of the increased dissemination and distribution of multimedia content over the internet, data hiding methods, such as digital watermarking and steganography, are becoming increasingly relevant in providing multimedia security. The goal of this book is to focus on the improvement of data hiding algorithms and their different applications (both traditional and emerging), bringing together researchers and practitioners from different research fields, including data hiding, signal processing, cryptography, and information theory, among others

A framework for cascading payment and content exchange within P2P systems

Advances in computing technology and the proliferation of broadband in the home have opened up the Internet to wider use. People like the idea of easy access to information at their fingertips, via their personal networked devices. This has been established by the increased popularity of Peer-to-Peer (P2P) file-sharing networks. P2P is a viable and cost effective model for content distribution. Content producers require modest resources by today's standards to act as distributors of their content and P2P technology can assist in further reducing this cost, thus enabling the development of new business models for content distribution to realise market and user needs. However, many other consequences and challenges are introduced; more notably, the issues of copyright violation, free-riding, the lack of participation incentives and the difficulties associated with the provision of payment services within a decentralised heterogeneous and ad hoc environment. Further issues directly relevant to content exchange also arise such as transaction atomicity, non-repudiation and data persistence. We have developed a framework to address these challenges. The novel Cascading Payment Content Exchange (CasPaCE) framework was designed and developed to incorporate the use of cascading payments to overcome the problem of copyright violation and prevent free-riding in P2P file-sharing networks. By incorporating the use of unique identification, copyright mobility and fair compensation for both producers and distributors in the content distribution value chain, the cascading payments model empowers content producers and enables the creation of new business models. The system allows users to manage their content distribution as well as purchasing activities by mobilising payments and automatically gathering royalties on behalf of the producer. The methodology used to conduct this research involved the use of advances in service-oriented architecture development as well as the use of object-oriented analysis and design techniques. These assisted in the development of an open and flexible framework which facilitates equitable digital content exchange without detracting from the advantages of the P2P domain. A prototype of the CasPaCE framework (developed in Java) demonstrates how peer devices can be connected to form a content exchange environment where both producers and distributors benefit from participating in the system. This prototype was successfully evaluated within the bounds of an E-learning Content Exchange (EIConE) case study, which allows students within a large UK university to exchange digital content for compensation enabling the better use of redundant resources in the university

Design and Analysis of Fair Content Tracing Protocols

The work in this thesis examines protocols designed to address the issues of tracing illegal distribution of digital content in a fair manner. In digital content distribution, a client requests content from a distributor, and the distributor sends content to the client. The main concern is misuse of content by the client, such as illegal distribution. As a result, digital watermarking schemes that enable the distributor to trace copies of content and identify the perpetrator were proposed. However, such schemes do not provide a mechanism for the distributor to prove to a third party that a client illegally distributed copies of content. Furthermore, it is possible that the distributor falsely accuses a client as he has total control of the tracing mechanisms. Fair content tracing (FaCT) protocols were thus proposed to allow tracing of content that does not discriminate either the distributor or the client. Many FaCT protocols have been proposed, mostly without an appropriate design framework, and so there is no obvious and systematic way to evaluate them. Therefore, we propose a framework that provides a definition of security and which enables classification of FaCT protocols so that they can be analysed in a systematic manner. We define, based on our framework, four main categories of FaCT protocols and propose new approaches to designing them. The first category is protocols without trusted third parties. As the name suggests, these protocols do not rely on a central trusted party for fair tracing of content. It is difficult to design such a protocol without drawing on extra measures that increase communication and computation costs. We show this is the case by demonstrating flaws in two recent proposals. We also illustrate a possible repair based on relaxing the assumption of trust on the distributor. The second category is protocols with online trusted third parties, where a central online trusted party is deployed. This means a trusted party must always be available during content distribution between the distributor and the client. While the availability of a trusted third party may simplify the design of such protocols, efficiency may suffer due to the need to communicate with this third party. The third category is protocols with offline trusted third parties, where a central offline trusted party is deployed. The difference between the offline and the online trusted party is that the offline trusted party need not be available during content distribution. It only needs to be available during the initial setup and when there is a dispute between the distributor and the client. This reduces the communication requirements compared to using an online trusted party. Using a symmetric-based cryptographic primitive known as Chameleon encryption, we proposed a new approach to designing such protocols. The fourth category is protocols with trusted hardware. Previous protocols proposed in this category have abstracted away from a practical choice of the underlying trusted hardware. We propose new protocols based on a Trusted Platform Module (TPM). Finally, we examine the inclusion of payment in a FaCT protocol, and how adding payment motivates the requirement for fair exchange of buying and selling digital content

Towards secure web services: Performance analysis, decision making and steganography approaches

This thesis was submitted for the degree of Doctor of Philosophy and awarded by Brunel University.Web services provide a platform neutral and programming language independent technology that supports interoperable machine-to-machine interaction over a network. Clients and other systems interact with Web services using a standardised XML messaging system, such as the Simple Object Access Protocol (SOAP), typically conveyed using HTTP with an XML serialisation in conjunction with other related Web standards. Nevertheless, the idea of applications from different parties communicating together raises a security threat. The challenge of Web services security is to understand and consider the risks of securing a Web-based service depending on the existing security techniques and simultaneously follow evolving standards in order to fill the gap in Web services security. However, the performance of the security mechanisms is fraught with concerns due to additional security contents in SOAP messages, the higher number of message exchanges to establish trust, as well as the extra CPU time to process these additions. As the interaction between service providers and requesters occurs via XML-based SOAP messages, securing Web services tends to make these messages longer than they would be otherwise and consequently requires interpretation by XML parsers on both sides, which reduces the performance of Web services. The work described in this thesis can be broadly divided into three parts, the first of which is studying and comparing the performance of various security profiles applied on a Web service tested with different initial message sizes. The second part proposes a multi-criteria decision making framework to aid Web services developers and architects in selecting the best suited security profile that satisfies the different requirements of a given application during the development process in a systematic, manageable, and effective way. The proposed framework, based on the Analytical Hierarchy Process (AHP) approach, incorporates not only the security requirements, but also the performance considerations as well as the configuration constraints of these security profiles. The framework is then validated and evaluated using a scenario-driven approach to demonstrate situations where the decision making framework is used to make informed decisions to rank various security profiles in order to select the most suitable one for each scenario. Finally, the last part of this thesis develops a novel steganography method to be used for SOAP messages within Web services environments. This method is based on changing the order of XML elements according to a secret message. This method has a high imperceptibility; it leaves almost no trail because it uses the communication protocol as a cover medium, and keeps the structure and size of the SOAP message intact. The method is empirically validated using a feasible scenario so as to indicate its utility and value