822 research outputs found

    Collusion-Secure Watermarking for Sequential Data

    In this work, we address the liability issues that may arise due to unauthorized sharing of personal data. We consider a scenario in which an individual shares his sequential data (such as genomic data or location patterns) with several service providers (SPs). In such a scenario, if his data is shared with other third parties without his consent, the individual wants to determine the service provider that is responsible for this unauthorized sharing. To provide this functionality, we propose a novel optimization-based watermarking scheme for sharing of sequential data. Thus, in the case of an unauthorized sharing of sensitive data, the proposed scheme can find the source of the leakage by checking the watermark inside the leaked data. In particular, the proposed scheme guarantees with a high probability that (i) the malicious SP that receives the data cannot understand the watermarked data points, (ii) when multiple malicious SPs aggregate their data, they still cannot determine the watermarked data points, (iii) even if the unauthorized sharing involves only a portion of the original data or modified data (to damage the watermark), the corresponding malicious SP can be held responsible for the leakage, and (iv) the added watermark is compliant with the nature of the corresponding data. That is, if there are inherent correlations in the data, the added watermark still preserves such correlations. Watermarking typically means changing certain parts of the data, and hence it may have negative effects on data utility. The proposed scheme also minimizes such utility loss while it provides the aforementioned security guarantees. Furthermore, we conduct a case study of the proposed scheme on genomic data and show the security and utility guarantees of the proposed scheme.

    ISWAR: An Imaging System with Watermarking and Attack Resilience

    With the explosive growth of internet technology, easy transfer of digital multimedia is feasible. However, this kind of convenience with which authorized users can access information, turns out to be a mixed blessing due to information piracy. The emerging field of Digital Rights Management (DRM) systems addresses issues related to the intellectual property rights of digital content. In this paper, an object-oriented (OO) DRM system, called "Imaging System with Watermarking and Attack Resilience" (ISWAR), is presented that generates and authenticates color images with embedded mechanisms for protection against infringement of ownership rights as well as security attacks. In addition to the methods, in the object-oriented sense, for performing traditional encryption and decryption, the system implements methods for visible and invisible watermarking. This paper presents one visible and one invisible watermarking algorithm that have been integrated in the system. The qualitative and quantitative results obtained for these two watermarking algorithms with several benchmark images indicate that high-quality watermarked images are produced by the algorithms. With the help of experimental results it is demonstrated that the presented invisible watermarking techniques are resilient to the well known benchmark attacks and hence a fail-safe method for providing constant protection to ownership rights

    Medical Image Watermarking using 2D-DWT with Enhanced security and capacity

    Teleradiology enables medical images to be transferred over the computer networks for many purposes including clinical interpretation, diagnosis, archive, etc. In telemedicine, medical images can be manipulated while transferring. In addition, medical information security requirements are specified by the legislative rules, and concerned entities must adhere to them. In this research, we propose a new scheme based on 2-dimensional Discrete Wavelet Transform (2D DWT) to improve the robustness and authentication of medical images. In addition, the current research improves security and capacity of watermarking using encryption and compression in medical images. The evaluation is performed on the personal dataset, which contains 194 CTI and 68 MRI cases

    High Resilience Diverse Domain Multilevel Audio Watermarking with Adaptive Threshold

    A novel diverse domain (DCT-SVD & DWT-SVD) watermarking scheme is proposed in this paper. Here, the watermark is embedded simultaneously onto the two domains. It is shown that an audio signal watermarked using this scheme has better subjective and objective quality when compared with other watermarking schemes. Also proposed are two novel watermark detection algorithms viz., AOT (Adaptively Optimised Threshold) and AOTx (AOT eXtended). The fundamental idea behind both is finding an optimum threshold for detecting a known character embedded along with the actual watermarks in a known location, with the constraint that the Bit Error Rate (BER) is minimum. This optimum threshold is used for detecting the other characters in the watermarks. This approach is shown to make the watermarking scheme less susceptible to various signal processing attacks, thus making the watermarks more robust

    Adversarial Audio: A New Information Hiding Method and Backdoor for DNN-based Speech Recognition Models

    Audio is an important medium in people's daily life, and hidden information can be embedded into audio for covert communication. Current audio information hiding techniques can be roughly classed into time domain-based and transform domain-based techniques. Time domain-based techniques have large hiding capacity but low imperceptibility. Transform domain-based techniques have better imperceptibility, but the hiding capacity is poor. This paper proposes a new audio information hiding technique which shows high hiding capacity and good imperceptibility. The proposed audio information hiding method takes the original audio signal as input and obtains the audio signal embedded with hidden information (called stego audio) through the training of our private automatic speech recognition (ASR) model. Without knowing the internal parameters and structure of the private model, the hidden information can be extracted by the private model but cannot be extracted by public models. We use four other ASR models to extract the hidden information on the stego audios to evaluate the security of the private model. The experimental results show that the proposed audio information hiding technique has a high hiding capacity of 48 cps with good imperceptibility and high security. In addition, our proposed adversarial audio can be used to activate an intrinsic backdoor of DNN-based ASR models, which brings a serious threat to intelligent speakers. Comment: Submitted to RAID201

    Lime: Data Lineage in the Malicious Environment

    Intentional or unintentional leakage of confidential data is undoubtedly one of the most severe security threats that organizations face in the digital era. The threat now extends to our personal lives: a plethora of personal information is available to social networks and smartphone providers and is indirectly transferred to untrustworthy third-party and fourth-party applications. In this work, we present a generic data lineage framework LIME for data flow across multiple entities that take two characteristic, principal roles (i.e., owner and consumer). We define the exact security guarantees required by such a data lineage mechanism toward identification of a guilty entity, and identify the simplifying non-repudiation and honesty assumptions. We then develop and analyze a novel accountable data transfer protocol between two entities within a malicious environment by building upon oblivious transfer, robust watermarking, and signature primitives. Finally, we perform an experimental evaluation to demonstrate the practicality of our protocol.

    Multi-Flow Attacks Against Network Flow Watermarks: Analysis and Countermeasures

    In this paper, we analyze several recent schemes for watermarking network flows that are based on splitting the flow into timing intervals. We show that this approach creates time-dependent correlations that enable an attack that combines multiple watermarked flows. Such an attack can easily be mounted in nearly all applications of network flow watermarking, both in anonymous communication and stepping stone detection. The attack can be used to detect the presence of a watermark, recover the secret parameters, and remove the watermark from a flow. The attack can be effective even if different flows are marked with different values of a watermark. We analyze the efficacy of our attack using a probabilistic model and a Markov-Modulated Poisson Process (MMPP) model of interactive traffic. We also implement our attack and test it using both synthetic and real-world traces, showing that our attack is effective with as few as 10 watermarked flows. Finally, we propose possible countermeasures to defeat the multi-flow attack

    Print-Scan Resilient Text Image Watermarking Based on Stroke Direction Modulation for Chinese Document Authentication

    Print-scan resilient watermarking has emerged as an attractive way for document security. This paper proposes a stroke direction modulation technique for watermarking in Chinese text images. The watermark produced by the idea offers robustness to print-photocopy-scan, yet provides relatively high embedding capacity without losing the transparency. During the embedding phase, the angles of rotatable strokes are quantized to embed the bits. This requires several stages of preprocessing, including stroke generation, junction searching, rotatable stroke decision and character partition. Moreover, shuffling is applied to equalize the uneven embedding capacity. For the data detection, denoising and deskewing mechanisms are used to compensate for the distortions induced by hardcopy. Experimental results show that our technique attains high detection accuracy against distortions resulting from print-scan operations, good quality photocopies and benign attacks in accord with the future goal of soft authentication.

    Data Hiding with Deep Learning: A Survey Unifying Digital Watermarking and Steganography

    Data hiding is the process of embedding information into a noise-tolerant signal such as a piece of audio, video, or image. Digital watermarking is a form of data hiding where identifying data is robustly embedded so that it can resist tampering and be used to identify the original owners of the media. Steganography, another form of data hiding, embeds data for the purpose of secure and secret communication. This survey summarises recent developments in deep learning techniques for data hiding for the purposes of watermarking and steganography, categorising them based on model architectures and noise injection methods. The objective functions, evaluation metrics, and datasets used for training these data hiding models are comprehensively summarised. Finally, we propose and discuss possible future directions for research into deep data hiding techniques

    Adversarial Attacks Against Automatic Speech Recognition Systems via Psychoacoustic Hiding

    Voice interfaces are becoming accepted widely as input methods for a diverse set of devices. This development is driven by rapid improvements in automatic speech recognition (ASR), which now performs on par with human listening in many tasks. These improvements are based on an ongoing evolution of DNNs as the computational core of ASR. However, recent research results show that DNNs are vulnerable to adversarial perturbations, which allow attackers to force the transcription into a malicious output. In this paper, we introduce a new type of adversarial examples based on psychoacoustic hiding. Our attack exploits the characteristics of DNN-based ASR systems, where we extend the original analysis procedure by an additional backpropagation step. We use this backpropagation to learn the degrees of freedom for the adversarial perturbation of the input signal, i.e., we apply a psychoacoustic model and manipulate the acoustic signal below the thresholds of human perception. To further minimize the perceptibility of the perturbations, we use forced alignment to find the best fitting temporal alignment between the original audio sample and the malicious target transcription. These extensions allow us to embed an arbitrary audio input with a malicious voice command that is then transcribed by the ASR system, with the audio signal remaining barely distinguishable from the original signal. In an experimental evaluation, we attack the state-of-the-art speech recognition system Kaldi and determine the best performing parameter and analysis setup for different types of input. Our results show that we are successful in up to 98% of cases with a computational effort of fewer than two minutes for a ten-second audio file. Based on user studies, we found that none of our target transcriptions were audible to human listeners, who still understand the original speech content with unchanged accuracy.