172 research outputs found
Hey That's Mine Imperceptible Watermarks are Preserved in Diffusion Generated Outputs
Generative models have seen an explosion in popularity with the release of
huge generative Diffusion models like Midjourney and Stable Diffusion to the
public. Because of this new ease of access, questions surrounding the automated
collection of data and issues regarding content ownership have started to
build. In this paper we present new work which aims to provide ways of
protecting content when shared to the public. We show that a generative
Diffusion model trained on data that has been imperceptibly watermarked will
generate new images with these watermarks present. We further show that if a
given watermark is correlated with a certain feature of the training data, the
generated images will also have this correlation. Using statistical tests we
show that we are able to determine whether a model has been trained on marked
data, and what data was marked. As a result our system offers a solution to
protect intellectual property when sharing content online
Digital watermarking and novel security devices
EThOS - Electronic Theses Online ServiceGBUnited Kingdo
Spread spectrum-based video watermarking algorithms for copyright protection
Merged with duplicate record 10026.1/2263 on 14.03.2017 by CS (TIS)Digital technologies know an unprecedented expansion in the last years. The consumer can
now benefit from hardware and software which was considered state-of-the-art several years
ago. The advantages offered by the digital technologies are major but the same digital
technology opens the door for unlimited piracy. Copying an analogue VCR tape was certainly
possible and relatively easy, in spite of various forms of protection, but due to the analogue
environment, the subsequent copies had an inherent loss in quality. This was a natural way of
limiting the multiple copying of a video material. With digital technology, this barrier
disappears, being possible to make as many copies as desired, without any loss in quality
whatsoever. Digital watermarking is one of the best available tools for fighting this threat.
The aim of the present work was to develop a digital watermarking system compliant with the
recommendations drawn by the EBU, for video broadcast monitoring. Since the watermark
can be inserted in either spatial domain or transform domain, this aspect was investigated and
led to the conclusion that wavelet transform is one of the best solutions available. Since
watermarking is not an easy task, especially considering the robustness under various attacks
several techniques were employed in order to increase the capacity/robustness of the system:
spread-spectrum and modulation techniques to cast the watermark, powerful error correction
to protect the mark, human visual models to insert a robust mark and to ensure its invisibility.
The combination of these methods led to a major improvement, but yet the system wasn't
robust to several important geometrical attacks. In order to achieve this last milestone, the
system uses two distinct watermarks: a spatial domain reference watermark and the main
watermark embedded in the wavelet domain. By using this reference watermark and techniques
specific to image registration, the system is able to determine the parameters of the attack and
revert it. Once the attack was reverted, the main watermark is recovered. The final result is a
high capacity, blind DWr-based video watermarking system, robust to a wide range of attacks.BBC Research & Developmen
Time- and Amplitude-Controlled Power Noise Generator against SPA Attacks for FPGA-Based IoT Devices
Power noise generation for masking power traces is a powerful countermeasure against
Simple Power Analysis (SPA), and it has also been used against Differential Power Analysis (DPA) or
Correlation Power Analysis (CPA) in the case of cryptographic circuits. This technique makes use of
power consumption generators as basic modules, which are usually based on ring oscillators when
implemented on FPGAs. These modules can be used to generate power noise and to also extract
digital signatures through the power side channel for Intellectual Property (IP) protection purposes.
In this paper, a new power consumption generator, named Xored High Consuming Module (XHCM),
is proposed. XHCM improves, when compared to others proposals in the literature, the amount of
current consumption per LUT when implemented on FPGAs. Experimental results show that these
modules can achieve current increments in the range from 2.4 mA (with only 16 LUTs on Artix-7
devices with a power consumption density of 0.75 mW/LUT when using a single HCM) to 11.1 mA
(with 67 LUTs when using 8 XHCMs, with a power consumption density of 0.83 mW/LUT). Moreover,
a version controlled by Pulse-Width Modulation (PWM) has been developed, named PWM-XHCM,
which is, as XHCM, suitable for power watermarking. In order to build countermeasures against
SPA attacks, a multi-level XHCM (ML-XHCM) is also presented, which is capable of generating
different power consumption levels with minimal area overhead (27 six-input LUTS for generating
16 different amplitude levels on Artix-7 devices). Finally, a randomized version, named RML-XHCM,
has also been developed using two True Random Number Generators (TRNGs) to generate current
consumption peaks with random amplitudes at random times. RML-XHCM requires less than
150 LUTs on Artix-7 devices. Taking into account these characteristics, two main contributions
have been carried out in this article: first, XHCM and PWM-XHCM provide an efficient power
consumption generator for extracting digital signatures through the power side channel, and on the
other hand, ML-XHCM and RML-XHCM are powerful tools for the protection of processing units
against SPA attacks in IoT devices implemented on FPGAs.Junta de AndaluciaEuropean Commission B-TIC-588-UGR2
Unbiased Watermark for Large Language Models
The recent advancements in large language models (LLMs) have sparked a
growing apprehension regarding the potential misuse. One approach to mitigating
this risk is to incorporate watermarking techniques into LLMs, allowing for the
tracking and attribution of model outputs. This study examines a crucial aspect
of watermarking: how significantly watermarks impact the quality of
model-generated outputs. Previous studies have suggested a trade-off between
watermark strength and output quality. However, our research demonstrates that
it is possible to integrate watermarks without affecting the output probability
distribution with appropriate implementation. We refer to this type of
watermark as an unbiased watermark. This has significant implications for the
use of LLMs, as it becomes impossible for users to discern whether a service
provider has incorporated watermarks or not. Furthermore, the presence of
watermarks does not compromise the performance of the model in downstream
tasks, ensuring that the overall utility of the language model is preserved.
Our findings contribute to the ongoing discussion around responsible AI
development, suggesting that unbiased watermarks can serve as an effective
means of tracking and attributing model outputs without sacrificing output
quality
Robust Distortion-free Watermarks for Language Models
We propose a methodology for planting watermarks in text from an
autoregressive language model that are robust to perturbations without changing
the distribution over text up to a certain maximum generation budget. We
generate watermarked text by mapping a sequence of random numbers -- which we
compute using a randomized watermark key -- to a sample from the language
model. To detect watermarked text, any party who knows the key can align the
text to the random number sequence. We instantiate our watermark methodology
with two sampling schemes: inverse transform sampling and exponential minimum
sampling. We apply these watermarks to three language models -- OPT-1.3B,
LLaMA-7B and Alpaca-7B -- to experimentally validate their statistical power
and robustness to various paraphrasing attacks. Notably, for both the OPT-1.3B
and LLaMA-7B models, we find we can reliably detect watermarked text () from tokens even after corrupting between -\% of the tokens
via random edits (i.e., substitutions, insertions or deletions). For the
Alpaca-7B model, we conduct a case study on the feasibility of watermarking
responses to typical user instructions. Due to the lower entropy of the
responses, detection is more difficult: around of the responses -- whose
median length is around tokens -- are detectable with , and
the watermark is also less robust to certain automated paraphrasing attacks we
implement
Preserving data integrity of encoded medical images: the LAR compression framework
International audienceThrough the development of medical imaging systems and their integration into a complete information system, the need for advanced joint coding and network services becomes predominant. PACS (Picture Archiving and Communication System) aims to acquire, store and compress, retrieve, present and distribute medical images. These systems have to be accessible via the Internet or wireless channels. Thus protection processes against transmission errors have to be added to get a powerful joint source-channel coding tool. Moreover, these sensitive data require confidentiality and privacy for both archiving and transmission purposes, leading to use cryptography and data embedding solutions. This chapter introduces data integrity protection and developed dedicated tools of content protection and secure bitstream transmission for medical encoded image purposes. In particular, the LAR image coding method is defined together with advanced securization services
- …