Lime: Data Lineage in the Malicious Environment

Intentional or unintentional leakage of confidential data is undoubtedly one of the most severe security threats that organizations face in the digital era. The threat now extends to our personal lives: a plethora of personal information is available to social networks and smartphone providers and is indirectly transferred to untrustworthy third party and fourth party applications. In this work, we present a generic data lineage framework LIME for data flow across multiple entities that take two characteristic, principal roles (i.e., owner and consumer). We define the exact security guarantees required by such a data lineage mechanism toward identification of a guilty entity, and identify the simplifying non repudiation and honesty assumptions. We then develop and analyze a novel accountable data transfer protocol between two entities within a malicious environment by building upon oblivious transfer, robust watermarking, and signature primitives. Finally, we perform an experimental evaluation to demonstrate the practicality of our protocol

Secure Watermarking for Multimedia Content Protection: A Review of its Benefits and Open Issues

Distribution channels such as digital music downloads, video-on-demand, multimedia social networks, pose new challenges to the design of content protection measures aimed at preventing copyright violations. Digital watermarking has been proposed as a possible brick of such protection systems, providing a means to embed a unique code, as a fingerprint, into each copy of the distributed content. However, application of watermarking for multimedia content protection in realistic scenarios poses several security issues. Secure signal processing, by which name we indicate a set of techniques able to process sensitive signals that have been obfuscated either by encryption or by other privacy-preserving primitives, may offer valuable solutions to the aforementioned issues. More specifically, the adoption of efficient methods for watermark embedding or detection on data that have been secured in some way, which we name in short secure watermarking, provides an elegant way to solve the security concerns of fingerprinting applications. The aim of this contribution is to illustrate recent results regarding secure watermarking to the signal processing community, highlighting both benefits and still open issues. Some of the most interesting challenges in this area, as well as new research directions, will also be discussed

Design and Analysis of Fair Content Tracing Protocols

The work in this thesis examines protocols designed to address the issues of tracing illegal distribution of digital content in a fair manner. In digital content distribution, a client requests content from a distributor, and the distributor sends content to the client. The main concern is misuse of content by the client, such as illegal distribution. As a result, digital watermarking schemes that enable the distributor to trace copies of content and identify the perpetrator were proposed. However, such schemes do not provide a mechanism for the distributor to prove to a third party that a client illegally distributed copies of content. Furthermore, it is possible that the distributor falsely accuses a client as he has total control of the tracing mechanisms. Fair content tracing (FaCT) protocols were thus proposed to allow tracing of content that does not discriminate either the distributor or the client. Many FaCT protocols have been proposed, mostly without an appropriate design framework, and so there is no obvious and systematic way to evaluate them. Therefore, we propose a framework that provides a definition of security and which enables classification of FaCT protocols so that they can be analysed in a systematic manner. We define, based on our framework, four main categories of FaCT protocols and propose new approaches to designing them. The first category is protocols without trusted third parties. As the name suggests, these protocols do not rely on a central trusted party for fair tracing of content. It is difficult to design such a protocol without drawing on extra measures that increase communication and computation costs. We show this is the case by demonstrating flaws in two recent proposals. We also illustrate a possible repair based on relaxing the assumption of trust on the distributor. The second category is protocols with online trusted third parties, where a central online trusted party is deployed. This means a trusted party must always be available during content distribution between the distributor and the client. While the availability of a trusted third party may simplify the design of such protocols, efficiency may suffer due to the need to communicate with this third party. The third category is protocols with offline trusted third parties, where a central offline trusted party is deployed. The difference between the offline and the online trusted party is that the offline trusted party need not be available during content distribution. It only needs to be available during the initial setup and when there is a dispute between the distributor and the client. This reduces the communication requirements compared to using an online trusted party. Using a symmetric-based cryptographic primitive known as Chameleon encryption, we proposed a new approach to designing such protocols. The fourth category is protocols with trusted hardware. Previous protocols proposed in this category have abstracted away from a practical choice of the underlying trusted hardware. We propose new protocols based on a Trusted Platform Module (TPM). Finally, we examine the inclusion of payment in a FaCT protocol, and how adding payment motivates the requirement for fair exchange of buying and selling digital content