Collusion-Secure Watermarking for Sequential Data
In this work, we address the liability issues that may arise due to
unauthorized sharing of personal data. We consider a scenario in which an
individual shares his sequential data (such as genomic data or location
patterns) with several service providers (SPs). In such a scenario, if his data
is shared with other third parties without his consent, the individual wants to
determine the service provider that is responsible for this unauthorized
sharing. To provide this functionality, we propose a novel optimization-based
watermarking scheme for sharing of sequential data. Thus, in the case of an
unauthorized sharing of sensitive data, the proposed scheme can find the source
of the leakage by checking the watermark inside the leaked data. In particular,
the proposed scheme guarantees with a high probability that (i) the malicious
SP that receives the data cannot understand the watermarked data points, (ii)
when multiple malicious SPs aggregate their data, they still cannot
determine the watermarked data points, (iii) even if the unauthorized sharing
involves only a portion of the original data or modified data (to damage the
watermark), the corresponding malicious SP can be kept responsible for the
leakage, and (iv) the added watermark is compliant with the nature of the
corresponding data. That is, if there are inherent correlations in the data,
the added watermark still preserves such correlations. Watermarking typically
means changing certain parts of the data, and hence it may have negative
effects on data utility. The proposed scheme also minimizes such utility loss
while it provides the aforementioned security guarantees. Furthermore, we
conduct a case study of the proposed scheme on genomic data and show the
security and utility guarantees of the proposed scheme.
ISWAR: An Imaging System with Watermarking and Attack Resilience
With the explosive growth of internet technology, easy transfer of digital
multimedia is feasible. However, this kind of convenience with which authorized
users can access information, turns out to be a mixed blessing due to
information piracy. The emerging field of Digital Rights Management (DRM)
systems addresses issues related to the intellectual property rights of digital
content. In this paper, an object-oriented (OO) DRM system, called "Imaging
System with Watermarking and Attack Resilience" (ISWAR), is presented that
generates and authenticates color images with embedded mechanisms for
protection against infringement of ownership rights as well as security
attacks. In addition to the methods, in the object-oriented sense, for
performing traditional encryption and decryption, the system implements methods
for visible and invisible watermarking. This paper presents one visible and one
invisible watermarking algorithm that have been integrated in the system. The
qualitative and quantitative results obtained for these two watermarking
algorithms with several benchmark images indicate that high-quality watermarked
images are produced by the algorithms. With the help of experimental results it
is demonstrated that the presented invisible watermarking techniques are
resilient to the well-known benchmark attacks and hence a fail-safe method for
providing constant protection to ownership rights.
Medical Image Watermarking using 2D-DWT with Enhanced security and capacity
Teleradiology enables medical images to be transferred over the computer
networks for many purposes including clinical interpretation, diagnosis,
archive, etc. In telemedicine, medical images can be manipulated while
transferring. In addition, medical information security requirements are
specified by the legislative rules, and concerned entities must adhere to them.
In this research, we propose a new scheme based on 2-dimensional Discrete
Wavelet Transform (2D DWT) to improve the robustness and authentication of
medical images. In addition, the current research improves security and
capacity of watermarking using encryption and compression in medical images.
The evaluation is performed on the personal dataset, which contains 194 CTI and
68 MRI cases.
High Resilience Diverse Domain Multilevel Audio Watermarking with Adaptive Threshold
A novel diverse domain (DCT-SVD & DWT-SVD) watermarking scheme is proposed in
this paper. Here, the watermark is embedded simultaneously onto the two
domains. It is shown that an audio signal watermarked using this scheme has
better subjective and objective quality when compared with other watermarking
schemes. Also proposed are two novel watermark detection algorithms viz., AOT
(Adaptively Optimised Threshold) and AOTx (AOT eXtended). The fundamental idea
behind both is finding an optimum threshold for detecting a known character
embedded along with the actual watermarks in a known location, with the
constraint that the Bit Error Rate (BER) is minimum. This optimum threshold is
used for detecting the other characters in the watermarks. This approach is
shown to make the watermarking scheme less susceptible to various signal
processing attacks, thus making the watermarks more robust.
Adversarial Audio: A New Information Hiding Method and Backdoor for DNN-based Speech Recognition Models
Audio is an important medium in people's daily life; hidden information can
be embedded into audio for covert communication. Current audio information
hiding techniques can be roughly classed into time domain-based and transform
domain-based techniques. Time domain-based techniques have large hiding
capacity but low imperceptibility. Transform domain-based techniques have
better imperceptibility, but the hiding capacity is poor. This paper proposes a
new audio information hiding technique which shows high hiding capacity and
good imperceptibility. The proposed audio information hiding method takes the
original audio signal as input and obtains the audio signal embedded with
hidden information (called stego audio) through the training of our private
automatic speech recognition (ASR) model. Without knowing the internal
parameters and structure of the private model, the hidden information can be
extracted by the private model but cannot be extracted by public models. We use
four other ASR models to extract the hidden information on the stego audios to
evaluate the security of the private model. The experimental results show that
the proposed audio information hiding technique has a high hiding capacity of
48 cps with good imperceptibility and high security. In addition, our proposed
adversarial audio can be used to activate an intrinsic backdoor of DNN-based
ASR models, which brings a serious threat to intelligent speakers.
Comment: Submitted to RAID201
Lime: Data Lineage in the Malicious Environment
Intentional or unintentional leakage of confidential data is undoubtedly one
of the most severe security threats that organizations face in the digital era.
The threat now extends to our personal lives: a plethora of personal
information is available to social networks and smartphone providers and is
indirectly transferred to untrustworthy third party and fourth party
applications.
In this work, we present a generic data lineage framework LIME for data flow
across multiple entities that take two characteristic, principal roles (i.e.,
owner and consumer). We define the exact security guarantees required by such a
data lineage mechanism toward identification of a guilty entity, and identify
the simplifying non repudiation and honesty assumptions. We then develop and
analyze a novel accountable data transfer protocol between two entities within
a malicious environment by building upon oblivious transfer, robust
watermarking, and signature primitives. Finally, we perform an experimental
evaluation to demonstrate the practicality of our protocol.
Multi-Flow Attacks Against Network Flow Watermarks: Analysis and Countermeasures
In this paper, we analyze several recent schemes for watermarking network
flows that are based on splitting the flow into timing intervals. We show that
this approach creates time-dependent correlations that enable an attack that
combines multiple watermarked flows. Such an attack can easily be mounted in
nearly all applications of network flow watermarking, both in anonymous
communication and stepping stone detection. The attack can be used to detect
the presence of a watermark, recover the secret parameters, and remove the
watermark from a flow. The attack can be effective even if different flows are
marked with different values of a watermark.
We analyze the efficacy of our attack using a probabilistic model and a
Markov-Modulated Poisson Process (MMPP) model of interactive traffic. We also
implement our attack and test it using both synthetic and real-world traces,
showing that our attack is effective with as few as 10 watermarked flows.
Finally, we propose possible countermeasures to defeat the multi-flow attack.
Print-Scan Resilient Text Image Watermarking Based on Stroke Direction Modulation for Chinese Document Authentication
Print-scan resilient watermarking has emerged as an attractive way for document security. This paper proposes a stroke direction modulation technique for watermarking in Chinese text images. The watermark produced by the idea offers robustness to print-photocopy-scan, yet provides relatively high embedding capacity without losing the transparency. During the embedding phase, the angles of rotatable strokes are quantized to embed the bits. This requires several stages of preprocessing, including stroke generation, junction searching, rotatable stroke decision and character partition. Moreover, shuffling is applied to equalize the uneven embedding capacity. For the data detection, denoising and deskewing mechanisms are used to compensate for the distortions induced by hardcopy. Experimental results show that our technique attains high detection accuracy against distortions resulting from print-scan operations, good quality photocopies and benign attacks in accord with the future goal of soft authentication.
Data Hiding with Deep Learning: A Survey Unifying Digital Watermarking and Steganography
Data hiding is the process of embedding information into a noise-tolerant
signal such as a piece of audio, video, or image. Digital watermarking is a
form of data hiding where identifying data is robustly embedded so that it can
resist tampering and be used to identify the original owners of the media.
Steganography, another form of data hiding, embeds data for the purpose of
secure and secret communication. This survey summarises recent developments in
deep learning techniques for data hiding for the purposes of watermarking and
steganography, categorising them based on model architectures and noise
injection methods. The objective functions, evaluation metrics, and datasets
used for training these data hiding models are comprehensively summarised.
Finally, we propose and discuss possible future directions for research into
deep data hiding techniques.
Adversarial Attacks Against Automatic Speech Recognition Systems via Psychoacoustic Hiding
Voice interfaces are becoming accepted widely as input methods for a diverse
set of devices. This development is driven by rapid improvements in automatic
speech recognition (ASR), which now performs on par with human listening in
many tasks. These improvements are based on an ongoing evolution of DNNs as the
computational core of ASR. However, recent research results show that DNNs are
vulnerable to adversarial perturbations, which allow attackers to force the
transcription into a malicious output.
In this paper, we introduce a new type of adversarial examples based on
psychoacoustic hiding. Our attack exploits the characteristics of DNN-based ASR
systems, where we extend the original analysis procedure by an additional
backpropagation step. We use this backpropagation to learn the degrees of
freedom for the adversarial perturbation of the input signal, i.e., we apply a
psychoacoustic model and manipulate the acoustic signal below the thresholds of
human perception. To further minimize the perceptibility of the perturbations,
we use forced alignment to find the best fitting temporal alignment between the
original audio sample and the malicious target transcription. These extensions
allow us to embed an arbitrary audio input with a malicious voice command that
is then transcribed by the ASR system, with the audio signal remaining barely
distinguishable from the original signal. In an experimental evaluation, we
attack the state-of-the-art speech recognition system Kaldi and determine the
best performing parameter and analysis setup for different types of input. Our
results show that we are successful in up to 98% of cases with a computational
effort of fewer than two minutes for a ten-second audio file. Based on user
studies, we found that none of our target transcriptions were audible to human
listeners, who still understand the original speech content with unchanged
accuracy.